Cloudflare has reported the mitigation of the largest documented distributed denial-of-service (DDoS) attack, which reached a peak of 3.8 terabits per second (Tbps). This attack formed part of a campaign targeting various sectors, including internet, financial services, and telecommunications.
The assault was made up of over 100 separate hyper-volumetric DDoS attacks, which persisted for a month and inundated network infrastructure with excessive data.
In a volumetric DDoS attack, the objective is to flood the target with large amounts of data, overwhelming bandwidth and exhausting the resources of applications and devices. This typically renders services inaccessible to legitimate users. The attacks directed at network infrastructure (specifically at the network and transport layers, L3/4) recorded packet rates exceeding two billion packets per second (pps) and data transfer rates surpassing three terabits per second.
Infected devices behind the mammoth DDoS attack concentrated in Russia
Cloudflare’s research identified that the compromised devices involved in the attacks were concentrated primarily in Russia, with other clusters present in Vietnam, the US, Brazil, and Spain. The campaign utilised a range of compromised devices, including MikroTik systems, Asus home routers, digital video recorders (DVRs), and web servers.
The connectivity cloud company managed to mitigate all the DDoS attacks autonomously; the specific attack that peaked at 3.8 Tbps lasted 65 seconds in total. The analysis indicated that the network of compromised devices predominantly used the User Datagram Protocol (UDP) on a fixed port. UDP allows rapid data transfer without first establishing a connection, which is what makes it attractive for floods of this kind.
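To show how the L3/4 characteristics described above (packet and bit rates per target, UDP traffic concentrated on a single fixed port) translate into a defender's detection rule, here is an added example that is not part of Cloudflare's report; the flow records and thresholds are constructed for illustration and would be tuned to the protected link's capacity.

```python
# Added example: flag hyper-volumetric UDP floods in sampled flow records.
# The flow records and thresholds are constructed, not data from the report.
from collections import defaultdict

# Constructed sampled flows: (second, proto, src_ip, dst_ip, dst_port, packets, bytes)
FLOWS = [
    (0, "udp", "203.0.113.10", "198.51.100.5", 443, 400_000, 400_000 * 1250),
    (0, "udp", "203.0.113.11", "198.51.100.5", 443, 350_000, 350_000 * 1250),
    (0, "udp", "203.0.113.12", "198.51.100.5", 443, 300_000, 300_000 * 1250),
    (0, "tcp", "192.0.2.7", "198.51.100.5", 443, 1_200, 1_200 * 600),
    (0, "udp", "192.0.2.8", "198.51.100.9", 53, 900, 900 * 80),
]

PPS_THRESHOLD = 1_000_000     # packets/s per destination before we call it a flood
BPS_THRESHOLD = 8 * 10**9     # 8 Gbit/s; scale to the link being protected
PORT_CONCENTRATION = 0.9      # share of UDP packets on one dst port => fixed-port flood

def aggregate(flows):
    """Sum packets/bytes per (second, dst_ip) and per (second, dst_ip, proto, port)."""
    per_dst = defaultdict(lambda: [0, 0])
    per_port = defaultdict(lambda: [0, 0])
    for sec, proto, _src, dst, port, pkts, nbytes in flows:
        per_dst[(sec, dst)][0] += pkts
        per_dst[(sec, dst)][1] += nbytes
        per_port[(sec, dst, proto, port)][0] += pkts
        per_port[(sec, dst, proto, port)][1] += nbytes
    return per_dst, per_port

def detect_floods(flows):
    """Return one alert dict per (second, dst_ip) whose pps or bps exceeds a threshold."""
    per_dst, per_port = aggregate(flows)
    alerts = []
    for (sec, dst), (pkts, nbytes) in per_dst.items():
        bps = nbytes * 8
        if pkts < PPS_THRESHOLD and bps < BPS_THRESHOLD:
            continue
        # Check whether the UDP share of this target's traffic sits on one port.
        udp_ports = {p: v[0] for (s, d, proto, p), v in per_port.items()
                     if s == sec and d == dst and proto == "udp"}
        udp_total = sum(udp_ports.values())
        top_port, top_pkts = max(udp_ports.items(), key=lambda kv: kv[1]) if udp_ports else (None, 0)
        fixed_port = udp_total > 0 and top_pkts / udp_total >= PORT_CONCENTRATION
        alerts.append({"second": sec, "dst": dst, "pps": pkts, "gbps": round(bps / 1e9, 2),
                       "fixed_udp_port": top_port if fixed_port else None})
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(FLOWS):
        print(alert)
```

Real deployments feed this from sampled NetFlow/sFlow or eBPF counters and act on the `fixed_udp_port` field, for example by rate-limiting that port at the edge while legitimate traffic on other ports continues.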
The previous record for the largest mitigated volumetric DDoS attack was held by Microsoft, at a peak of 3.47 Tbps, targeting a customer using Azure services in Asia. Attackers usually rely on large networks of compromised devices, known as botnets, or employ amplification methods that multiply the data sent to targets, which can involve far fewer systems.
Akamai, a cloud computing firm, released a report this week confirming that recently identified vulnerabilities in the Common Unix Printing System (CUPS) on Linux could serve as a vector for DDoS attacks. After scanning the public internet for systems running vulnerable CUPS, Akamai found that over 58,000 systems were exposed to DDoS abuse through this security issue.
Further testing revealed that several vulnerable CUPS servers would repeatedly send responses after receiving initial requests, with some appearing to continue indefinitely in response to HTTP/404 messages. These servers generated substantial numbers of requests to Akamai’s testing systems, highlighting the potential for amplification through the exploitation of the CUPS vulnerabilities.