InfoSecBulletin Cybersecurity for mankind
French cloud computing firm OVHcloud recently handled the largest DDoS attack in terms of packet rate. This attack occurred during a period of increasing intensity in DDoS attacks.
According to the cloud provider, packet rate DDoS attacks are very effective because they are harder to stop than attacks with fewer, larger packets.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
“We can summarize this problem into a single sentence: if your job is to deal mostly with payloads, bandwidth may be the hard limit; but if your job is to deal mostly with packet headers, packet rate is the hard limit,” OVHcloud notes.
In April this year, the largest packet rate attack peaked at around 840 million packets per second (pps), breaking the previous record of 809 Mpps set in 2021.
OVHcloud has noticed a significant increase in DDoS attacks with packet rates above 100 Mpps in the last six months.
Threat actors usually use DDoS attacks to overwhelm a target’s bandwidth (network-layer attacks) or resources (application-layer attacks), but now packet rate assaults are becoming more common.
“We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps,” OVHcloud says.
The cloud provider said that the majority of the traffic in the record attack was made up of TCP ACK packets from around 5,000 IPs.
The company investigated and found that the attackers used MikroTik routers, specifically the CCR1036-8G-2S+ and CCR1072-1G-8S+ models. There are about 100,000 CCR devices connected to the internet, with approximately 40,000 of them being these two models.
According to OVHcloud, if a threat actor can control all these devices and turn them into a botnet, the botnet could potentially generate 2.28 billion packets per second (or Gpps).
Following a steady increase in frequency over the past year and a half, large network-layer attacks are also a normal occurrence now, the cloud provider reports.
Mirai botnet was the first to exceed 1 Tbps in 2016. Records of 3.47 Tbps and 2.5 Tbps were set in 2022. DDoS attacks over 1 Tbps are now common.
“In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily (averaged out over one week). The highest bit rate we observed during that period was ~2.5 Tbps,” OVHcloud notes.
In October last year, the industry saw some of the biggest Layer 7 DDoS attacks ever. They used the ‘HTTP/2 Rapid Reset’ zero-day vulnerability to launch record-breaking assaults, with the largest reaching 398 million requests per second.
