InfoSecBulletin Cybersecurity for mankind
French cloud computing firm OVHcloud recently handled the largest DDoS attack in terms of packet rate. This attack occurred during a period of increasing intensity in DDoS attacks.
According to the cloud provider, packet rate DDoS attacks are very effective because they are harder to stop than attacks with fewer, larger packets.
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
“We can summarize this problem into a single sentence: if your job is to deal mostly with payloads, bandwidth may be the hard limit; but if your job is to deal mostly with packet headers, packet rate is the hard limit,” OVHcloud notes.
In April this year, the largest packet rate attack peaked at around 840 million packets per second (pps), breaking the previous record of 809 Mpps set in 2021.
OVHcloud has noticed a significant increase in DDoS attacks with packet rates above 100 Mpps in the last six months.
Threat actors usually use DDoS attacks to overwhelm a target’s bandwidth (network-layer attacks) or resources (application-layer attacks), but now packet rate assaults are becoming more common.
“We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps,” OVHcloud says.
The cloud provider said that the majority of the traffic in the record attack was made up of TCP ACK packets from around 5,000 IPs.
The company investigated and found that the attackers used MikroTik routers, specifically the CCR1036-8G-2S+ and CCR1072-1G-8S+ models. There are about 100,000 CCR devices connected to the internet, with approximately 40,000 of them being these two models.
According to OVHcloud, if a threat actor can control all these devices and turn them into a botnet, the botnet could potentially generate 2.28 billion packets per second (or Gpps).
Following a steady increase in frequency over the past year and a half, large network-layer attacks are also a normal occurrence now, the cloud provider reports.
Mirai botnet was the first to exceed 1 Tbps in 2016. Records of 3.47 Tbps and 2.5 Tbps were set in 2022. DDoS attacks over 1 Tbps are now common.
“In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily (averaged out over one week). The highest bit rate we observed during that period was ~2.5 Tbps,” OVHcloud notes.
In October last year, the industry saw some of the biggest Layer 7 DDoS attacks ever. They used the ‘HTTP/2 Rapid Reset’ zero-day vulnerability to launch record-breaking assaults, with the largest reaching 398 million requests per second.
