InfoSecBulletin Cybersecurity for mankind
French cloud computing firm OVHcloud recently handled the largest DDoS attack in terms of packet rate. This attack occurred during a period of increasing intensity in DDoS attacks.
According to the cloud provider, packet rate DDoS attacks are very effective because they are harder to stop than attacks with fewer, larger packets.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
“We can summarize this problem into a single sentence: if your job is to deal mostly with payloads, bandwidth may be the hard limit; but if your job is to deal mostly with packet headers, packet rate is the hard limit,” OVHcloud notes.
In April this year, the largest packet rate attack peaked at around 840 million packets per second (pps), breaking the previous record of 809 Mpps set in 2021.
OVHcloud has noticed a significant increase in DDoS attacks with packet rates above 100 Mpps in the last six months.
Threat actors usually use DDoS attacks to overwhelm a target’s bandwidth (network-layer attacks) or resources (application-layer attacks), but now packet rate assaults are becoming more common.
“We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps,” OVHcloud says.
The cloud provider said that the majority of the traffic in the record attack was made up of TCP ACK packets from around 5,000 IPs.
The company investigated and found that the attackers used MikroTik routers, specifically the CCR1036-8G-2S+ and CCR1072-1G-8S+ models. There are about 100,000 CCR devices connected to the internet, with approximately 40,000 of them being these two models.
According to OVHcloud, if a threat actor can control all these devices and turn them into a botnet, the botnet could potentially generate 2.28 billion packets per second (or Gpps).
Following a steady increase in frequency over the past year and a half, large network-layer attacks are also a normal occurrence now, the cloud provider reports.
Mirai botnet was the first to exceed 1 Tbps in 2016. Records of 3.47 Tbps and 2.5 Tbps were set in 2022. DDoS attacks over 1 Tbps are now common.
“In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily (averaged out over one week). The highest bit rate we observed during that period was ~2.5 Tbps,” OVHcloud notes.
In October last year, the industry saw some of the biggest Layer 7 DDoS attacks ever. They used the ‘HTTP/2 Rapid Reset’ zero-day vulnerability to launch record-breaking assaults, with the largest reaching 398 million requests per second.
