Cyber Crime
Kaveri 2.0 Portal Hit by Disruptions in Karnataka: Possible DDoS Attack Raises Concerns
In January 2024, Karnataka’s Kaveri 2.0 web portal, a crucial platform for property registrations, experienced frequent server crashes, bringing essential citizen services to a standstill. Authorities suspect a Distributed Denial of Service (DDoS) attack, which may have overwhelmed the system with malicious traffic.
Understanding a DDoS Attack
A DDoS attack is a cyber assault where attackers flood a website or online service with an excessive volume of traffic, causing it to crash or slow down significantly. Unlike traditional cyberattacks that originate from a single source, DDoS attacks utilize multiple compromised devices—often forming a botnet—to send overwhelming traffic to the target, disrupting its functionality.
Major DDoS Attacks in Recent History
Several large-scale DDoS attacks have crippled major platforms in the past:
- Dyn DDoS Attack (2016):A botnet of compromised IoT devices (such as routers and cameras) launched an attack on Dyn, a major DNS provider, causing outages on platforms like Twitter, Netflix, and Reddit.
- GitHub Attack (2018): GitHub endured one of the largest DDoS attacks ever recorded, peaking at 1.35 Tbps. The attack leveraged misconfigured memcached servers to amplify traffic, briefly knocking GitHub offline.
- AWS Attack (2020): Amazon Web Services faced an attack reaching 2.3 Tbps, one of the largest publicly disclosed DDoS attacks. AWS effectively mitigated the impact using its cloud security infrastructure.
- Cloudflare Attack (2021): Cloudflare successfully thwarted a 26 million request-per-second (RPS) attack, one of the largest HTTPS-based DDoS incidents at the time.
- Microsoft Azure Attack (2023): A record-breaking 3.47 Tbps DDoS attack targeted Microsoft Azure, using a botnet powered by compromised devices to disrupt enterprise services.
India’s Cybersecurity Measures
The Indian government has taken significant steps to strengthen its cybersecurity framework and combat rising cyber threats, including DDoS attacks:
1. Cybersecurity Policies & Regulations:
– In 2025, India introduced new cybersecurity regulations mandating data localization and enhanced data protection measures. The National Cyber Security Policy (2013) continues to serve as a strategic guideline for securing critical infrastructure.
2. Increased Budget for Cybersecurity:
– The Union Budget 2025 allocated over Rs 1,600 crore for cybersecurity initiatives, with substantial investments in CERT-In (Computer Emergency Response Team) and national infrastructure security programs.
3. Cybersecurity Agencies & Monitoring:
– The government has established CERT-In and NCIIPC (National Critical Information Infrastructure Protection Centre) to monitor cyber threats, coordinate response efforts, and secure key sectors like banking, telecom, and energy.
4. Skill Development Initiatives:
– India has launched training programs aimed at developing 500,000 cybersecurity professionals to strengthen the country’s cyber resilience.
Mitigating DDoS Attacks: The Way Forward
Organizations and governments can protect against DDoS attacks through advanced mitigation techniques:
- Traffic Filtering & AI-Based Detection:
– Deploys firewalls, intrusion detection systems (IDS), and AI-driven analysis to identify and block malicious traffic before it reaches the target.
-Example:Google Cloud Armor successfully mitigated a 46 million RPS attack in 2022 using real-time threat detection. - Rate Limiting & Load Balancing:
– Restricts excessive requests per user and distributes traffic across multiple servers to prevent overload.
– Example: Cloudflare’s rate limiting helped protect a European banking institution from HTTP flood attacks. - Bot Detection & CAPTCHAs:
– Uses behavioral analytics, CAPTCHA challenges, and browser fingerprinting to block bot-driven traffic.
– Example: GitHub strengthened security with CAPTCHA-based authentication after a 2015 DDoS attack by a China-based botnet. - Cloud-Based DDoS Protection & CDN Services:
– Content Delivery Networks (CDNs) absorb malicious traffic before it reaches critical infrastructure.
– Example: AWS Shield defended against a 2.3 Tbps attack (2020) by utilizing global CDN distribution and real-time mitigation. - Incident Response & Government Collaboration:
– Organizations must continuously monitor threats, conduct security audits, and work with cybersecurity agencies for rapid response.
– Example: Following the Kaveri 2.0 attack in Karnataka, authorities detected 6.2 lakh malicious requests in just two hours, prompting a cybercrime investigation and stricter security measures.
As cyber threats continue to evolve, robust security frameworks and proactive measures are essential to safeguarding critical online services and protecting users from large-scale cyber disruptions.