Mastodawn

4n6 May 17, 2025

I am reliably informed by Google Shield that my site krebsonsecurity.com on Monday was the target of the biggest DDoS attack Google has ever had to deal with, clocking in at ~6.3 Tbps. This is not quite a record; apparently, an attack Cloudflare had to deal with in April is the largest known DDoS to date -- at ~6.5 Tbps.

It's been a while since we've seen a big DDoS. For reference, this one was about 10x the size of the Mirai botnet attack that launched a record DDoS against my site in 2016, knocking it offline for nearly 4 days until I got the site behind Google Sheild.

I'll know more in a bit. Below is the CF blog about their April attack.

https://blog.cloudflare.com/ddos-threat-report-for-2025-q1/#hyper-volumetric-attacks-continue-spill-into-q2

Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report

DDoS attacks are surging. In 2025 Q1, Cloudflare blocked +20M attacks (a 358% YoY spike) along with 5.6 Tbps and 4.8 Bpps record-breaking attacks. And that's just the beginning. Read more in our latest DDoS Threat Report.

The Cloudflare Blog

snowyfox May 17, 2025

.

4n6 May 17, 2025

@briankrebs Congratulations? Get well soon? Better luck next time? Not sure hallmark make cards for these kinds of occasions…

Fritz Adalis May 17, 2025

@briankrebs
That was me, my cat sat on my F5 key.

Roadskater, Ph.D.May 17, 2025

@briankrebs Probably from someone who thinks your first name is Chris.

Alida Antonia May 17, 2025

@briankrebs I’m glad I’m not popular like you. It was vengeance or something you are working on.

nixCraft 🐧May 17, 2025

@briankrebs 😱 damn that is a huge attack.

SomeAnoTooter May 17, 2025

@briankrebs do we know where those attacks are coming from and if they are getting bigger/worse because of iot devices?

Raven667 May 17, 2025

@briankrebs congratulations on your popularity ;-)

LiquidParasyte May 17, 2025

holy shit? Why do attackers try to take you offline (several times)?

Mark Whybird May 17, 2025

@liquidparasyte Brian Krebs is probably like a boss challenge to certain script kiddies

Linda Sgoluppi Artist May 17, 2025

@briankrebs Glad for you it was stopped but is Google Sheild able to give an indication who was at the back of the attack?

BrianKrebs May 17, 2025

@lindasgoluppiart Yes. More soon.

Sass, David May 17, 2025

@briankrebs the netflow logs must have filled some storage systems 😱😅

gunstick May 17, 2025

@briankrebs soon DDoS attacks will get measured in magnitudes, so it will never go above 10. 🤣
In a sense it already is. Mbps, Gbps, Tbps, Pbps...
So with T it would be magnitude 5.

Nicole Parsons May 17, 2025

Attacks of that size are often funded. "Hacks for hire" outfits.

Wonder who paid for this one?

https://www.forbes.com/sites/emilsayegh/2025/03/11/how-hack-for-hire-mercenaries-are-reshaping-cybersecurity-crime/

How ‘Hack For Hire’ Mercenaries Are Reshaping Cybersecurity Crime

Governments, corporations and even individuals can now rent hackers like they would a consulting firm, making cyberattacks more accessible than ever.

Forbes

@Npars01 and even then to me this looks more like a "bad" #PR stunt to me.

An expensive one for shure.

It's the digital equivalent of kids shooting paintballs at a parked cop car in a monsoon rain and that got only noticed retroactively...

I just think it's wasteful to #DDoS @briankrebs 's website because it's only a #blog, he doesn't pay any #ransom, is extremely well protected and outage of it doesn't generate the same public or financial pressure compared to businesses and governmental institutions.

Like even if they had succeeded, what would've been the outcome? Maybe line that reads: "Congrats Kiddo, you just wasted thousands if not millions of dollars worth in Monero just to create an outage of a tiny blog. Go give yourself a star in your exercise book!"…

Someone just had more money than sense I guess...

Kevin Karhan :verified: (@[email protected])

@[email protected] TBH, I think #DDoS'ing *your blog* is kinda wasteful beyond *"#BraggingRights"* because it's not only *well protected* but the amount of damage / revenue by #blackmailing they could expect is just zero. - I mean, it shure is a way to get *your attention* but that doesn't mean any #BlackHat should *ask for that*! But there are thousands if not millions of weaker targets they could've attacked. - Seems like the [muggers from Crocodile Dundee](https://www.youtube.com/watch?v=qi0G0b1dNzE) *but dumber* cuz they try to puncture your tires but you're sitting in a tracked tank. Pretty shure had #Google not told you or anyone else you would not have even noticed it.

Infosec.Space

Nicole Parsons May 17, 2025

@kkarhan @briankrebs

Too many tech lords are petty & vindictive.

Brian Krebs is spending money to protect a blog with the very company that hates everything he stands for

"Make it Expensive" to get privacy & security is part of the objective in a fascist movement

Peter Thiel spent millions to bankrupt Gawker
https://www.forbes.com/sites/mattdrange/2019/12/23/best-stories-of-the-decade-behind-peter-thiels-plan-to-destroy-gawker/

Lawmakers spend fortunes on private security against MAGA wingnuts
https://www.businessinsider.com/lawmakers-spent-thousands-on-security-after-capitol-insurrection-records-2021-4

https://www.axios.com/2022/02/16/congress-spending-personal-security

What happens for those who can't afford it?

Best Stories Of The Decade: “Behind Peter Thiel’s Plan To Destroy Gawker”

We're republishing our greatest work from the past 10 years, including this real-life whodunnit that revealed how Peter Thiel extinguished Gawker.

Forbes

@Npars01 good question.

I do acknowledge that @briankrebs is in a very privilegued position and #Google keeps him as client because dropping him would be a #PR-Nightmare.

My guess is that @torproject / #Tor will be the only option for those without money or "rank" to flex…

Cyber French Montana May 17, 2025

@Npars01 https://infosec.exchange/@briankrebs/114513278097158959

BrianKrebs (@[email protected])

@jamesb2147 The people I wrote about in that story have spent tens of millions of dollars running ads on Google. Something tells me they've learned a few dark SEO tricks during that time.

Infosec Exchange

Vincent 🌻🇪🇺 en 🌹☘️May 17, 2025

@briankrebs Must be doing something right

@briankrebs TBH, I think #DDoS'ing your blog is kinda wasteful beyond "#BraggingRights" because it's not only well protected but the amount of damage / revenue by #blackmailing they could expect is just zero.

I mean, it shure is a way to get your attention but that doesn't mean any #BlackHat should ask for that!

But there are thousands if not millions of weaker targets they could've attacked.

Seems like the muggers from Crocodile Dundee but dumber cuz they try to puncture your tires but you're sitting in a tracked tank.

Pretty shure had #Google not told you or anyone else you would not have even noticed it.

That’s not a knife…THAT’S A KNIFE.” 😅 Crocodile Dun #movies #shorts

YouTube

BrianKrebs May 17, 2025

@kkarhan We've seen this commercial before. DDoS reporter w/ record or near record DDoS, reporter writes about said DDoS, and DDoS service operator gets temporary big advertisement for it. But there's also usually a second or third story eventually, about the botnet owner getting owned.

@briankrebs yeah, cuz every #SecOps of any #ISP is gonna read that and look into the affected hosts if they were in their netwirk and obviously share the findings with investigators.

And I don't blame them since #DDoS attacks espechally at that scale do create a lot if cost and anger at their end as well.

So everyone but the malicious actor is gonna be mad...

Which makes it an even worse decision!

Stefan Beyer May 17, 2025

@briankrebs congratulations - you're obviously doing a few things right when it comes to your work ;-)

kaaswe May 17, 2025

@briankrebs
Congratulations, that’s a award

@briankrebs Dam.

System Adminihater May 17, 2025

@briankrebs There are really still this many misconfigured UDP sources? Fuck just shut the Internet off.

Carl (He/Him)May 17, 2025

@briankrebs Do you think that's a nation-state attack? Russia?

Drey May 17, 2025

@briankrebs - These Hackers that are causing the threat will soon get caught and possible prison time.

Cyber French Montana May 17, 2025

@briankrebs Axact is likely behind this right, BK?

https://krebsonsecurity.com/2025/05/pakistani-firm-shipped-fentanyl-analogs-scams-to-us/

Your post accusing them was pretty salty.

Pakistani Firm Shipped Fentanyl Analogs, Scams to US – Krebs on Security

BrianKrebs May 18, 2025

@GreekFrenchMontana IDK. It appears to have been launched by a botnet that anyone can hire. But yes, it comes after some strange things going on with that story URL in Google, which has hidden the story completely.

https://infosec.exchange/@briankrebs/114512527951494345

BrianKrebs (@[email protected])

Weirdly, this story appears to now be buried in Google. If you search on the headline in Google (Pakistani Firm Shipped Fentanyl Analogs, Scams to US) you will see tons of places linking to my story, and you will see tags from the story. I don't see this behavior for any other story of mine on the homepage of KrebsOnSecurity.com now. But the story itself is basically gone from Google's search results. Gee, I wonder how that happened?

Infosec Exchange

Bytebro 🇬🇧 🇺🇦 🇬🇱May 17, 2025

@briankrebs
If someone wants you offline that badly, I guess that means you're doing something right. Kudos!

syn May 17, 2025

@briankrebs jesus, just throw almost a full AMSIX at the site

SpaceLifeForm May 17, 2025

Clearly, you are doing something right.

Martin Habets Jun 2, 2025

@briankrebs this highlights the good work people like @cloudflare and @Google Shield are constantly doing behind the scenes.

sb arms & legs Jun 28, 2025

@briankrebs
Congrats! What an honour! Keep up the great work, pissing off the elite!