I am reliably informed by Google Shield that my site krebsonsecurity.com on Monday was the target of the biggest DDoS attack Google has ever had to deal with, clocking in at ~6.3 Tbps. This is not quite a record; apparently, an attack Cloudflare had to deal with in April is the largest known DDoS to date -- at ~6.5 Tbps.

It's been a while since we've seen a big DDoS. For reference, this one was about 10x the size of the Mirai botnet attack that launched a record DDoS against my site in 2016, knocking it offline for nearly 4 days until I got the site behind Google Shield.

I'll know more in a bit. Below is the CF blog about their April attack.

https://blog.cloudflare.com/ddos-threat-report-for-2025-q1/#hyper-volumetric-attacks-continue-spill-into-q2

Targeted by 20.5 million DDoS attacks, up 358% year-over-year: Cloudflare’s 2025 Q1 DDoS Threat Report

DDoS attacks are surging. In 2025 Q1, Cloudflare blocked +20M attacks (a 358% YoY spike) along with 5.6 Tbps and 4.8 Bpps record-breaking attacks. And that's just the beginning. Read more in our latest DDoS Threat Report.

The Cloudflare Blog

@briankrebs

Attacks of that size are often funded. "Hacks for hire" outfits.

Wonder who paid for this one?

https://www.forbes.com/sites/emilsayegh/2025/03/11/how-hack-for-hire-mercenaries-are-reshaping-cybersecurity-crime/

How ‘Hack For Hire’ Mercenaries Are Reshaping Cybersecurity Crime

Governments, corporations and even individuals can now rent hackers like they would a consulting firm, making cyberattacks more accessible than ever.

Forbes

@Npars01 and even then this looks more like a "bad" #PR stunt to me.

It's the digital equivalent of kids shooting paintballs at a parked cop car in a monsoon rain and that got only noticed retroactively...

  • I just think it's wasteful to #DDoS @briankrebs 's website because it's only a #blog, he doesn't pay any #ransom, is extremely well protected and outage of it doesn't generate the same public or financial pressure compared to businesses and governmental institutions.

Like even if they had succeeded, what would've been the outcome? Maybe a line that reads: "Congrats Kiddo, you just wasted thousands if not millions of dollars worth in Monero just to create an outage of a tiny blog. Go give yourself a star in your exercise book!"

  • Someone just had more money than sense I guess...
Kevin Karhan :verified: (@[email protected])

@[email protected] TBH, I think #DDoS'ing *your blog* is kinda wasteful beyond *"#BraggingRights"* because it's not only *well protected* but the amount of damage / revenue by #blackmailing they could expect is just zero. - I mean, it sure is a way to get *your attention* but that doesn't mean any #BlackHat should *ask for that*! But there are thousands if not millions of weaker targets they could've attacked. - Seems like the [muggers from Crocodile Dundee](https://www.youtube.com/watch?v=qi0G0b1dNzE) *but dumber* cuz they try to puncture your tires but you're sitting in a tracked tank. Pretty sure had #Google not told you or anyone else you would not have even noticed it.

Infosec.Space

@kkarhan @briankrebs

Too many tech lords are petty & vindictive.

Brian Krebs is spending money to protect a blog with the very company that hates everything he stands for

"Make it Expensive" to get privacy & security is part of the objective in a fascist movement

Peter Thiel spent millions to bankrupt Gawker
https://www.forbes.com/sites/mattdrange/2019/12/23/best-stories-of-the-decade-behind-peter-thiels-plan-to-destroy-gawker/

Lawmakers spend fortunes on private security against MAGA wingnuts
https://www.businessinsider.com/lawmakers-spent-thousands-on-security-after-capitol-insurrection-records-2021-4

https://www.axios.com/2022/02/16/congress-spending-personal-security

What happens for those who can't afford it?

Best Stories Of The Decade: “Behind Peter Thiel’s Plan To Destroy Gawker”

We're republishing our greatest work from the past 10 years, including this real-life whodunnit that revealed how Peter Thiel extinguished Gawker.

Forbes

@Npars01 good question.

I do acknowledge that @briankrebs is in a very privileged position and #Google keeps him as a client because dropping him would be a #PR-Nightmare.

  • My guess is that @torproject / #Tor will be the only option for those without money or "rank" to flex