InfoSecBulletin Cybersecurity for mankind
French cloud computing firm OVHcloud recently handled the largest DDoS attack in terms of packet rate. This attack occurred during a period of increasing intensity in DDoS attacks.
According to the cloud provider, packet rate DDoS attacks are very effective because they are harder to stop than attacks with fewer, larger packets.
CISA warns active exploit of Zimbra & Ivanti endpoint manager Vulns
A summary of “2024 State of Cybersecurity survey” by ISACA
ISACA reveals
64% of Australian cybersecurity professionals feel increasing stress
Researchers detected 31 new Malware in September
CRI Release New Ransomware Response Guidance
ALERT
Over 700,000 Routers Vulnerable to Hack for 14 security flaws
Patch it now!
Critical Zimbra RCE flaw exploited: Needs Immediate Patching
CISA Warns
Network switch RCE flaw impacts critical infrastructure
CISA reveals 2 Industrial Control Systems Advisories
DataDog research
Hackers to exploit Docker, Kubernetes & SSH Servers large scale
“We can summarize this problem into a single sentence: if your job is to deal mostly with payloads, bandwidth may be the hard limit; but if your job is to deal mostly with packet headers, packet rate is the hard limit,” OVHcloud notes.
In April this year, the largest packet rate attack peaked at around 840 million packets per second (pps), breaking the previous record of 809 Mpps set in 2021.
OVHcloud has noticed a significant increase in DDoS attacks with packet rates above 100 Mpps in the last six months.
Threat actors usually use DDoS attacks to overwhelm a target’s bandwidth (network-layer attacks) or resources (application-layer attacks), but now packet rate assaults are becoming more common.
“We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps,” OVHcloud says.
The cloud provider said that the majority of the traffic in the record attack was made up of TCP ACK packets from around 5,000 IPs.
The company investigated and found that the attackers used MikroTik routers, specifically the CCR1036-8G-2S+ and CCR1072-1G-8S+ models. There are about 100,000 CCR devices connected to the internet, with approximately 40,000 of them being these two models.
According to OVHcloud, if a threat actor can control all these devices and turn them into a botnet, the botnet could potentially generate 2.28 billion packets per second (or Gpps).
Following a steady increase in frequency over the past year and a half, large network-layer attacks are also a normal occurrence now, the cloud provider reports.
Mirai botnet was the first to exceed 1 Tbps in 2016. Records of 3.47 Tbps and 2.5 Tbps were set in 2022. DDoS attacks over 1 Tbps are now common.
“In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily (averaged out over one week). The highest bit rate we observed during that period was ~2.5 Tbps,” OVHcloud notes.
In October last year, the industry saw some of the biggest Layer 7 DDoS attacks ever. They used the ‘HTTP/2 Rapid Reset’ zero-day vulnerability to launch record-breaking assaults, with the largest reaching 398 million requests per second.
