The largest ever DDoS attack has just been blocked – here’s how it was done

Cloudflare has claimed to have recently mitigated the biggest Distributed Denial of Service (DDoS) attack in history.

In a company blog post, Cloudflare outlined how, throughout September 2024, an unnamed threat actor targeted multiple customers in the financial services, internet, and telecommunication industries, among others.

Without naming any specific targets, Cloudflare said that the attack campaign targeted bandwidth saturation, as well as resource exhaustion of in-line applications and devices.

Bots across the world

The attack included “over one hundred hyper-volumetric L3/4 DDoS attacks”, many of which exceeded 2 billion packets per second (Bpps), and 3 terabits per second (Tbps).

A hyper-volumetric L3/4 DDoS attack is a type of DDoS attack targeting layers 3 (network) and 4 (transport) of the OSI model (framework that standardizes network communication). It overwhelms the target’s bandwidth or network infrastructure with massive amounts of traffic, often using techniques like UDP floods or TCP SYN floods. The goal is to exhaust the resources of the target system, making it unavailable to legitimate users.

Of all the attacks, one stood out – when it peaked at 3.8 Tbps. This is, according to Cloudflare, “the largest ever disclosed publicly by any organization.” It predominantly leveraged UDP on a fixed port, the company said, and originated from across the globe. The majority of the endpoints used in the attack came from Vietnam, Russia, Brazil, Spain, and the US.

Detection and mitigation was all automatic, Cloudflare says. It added that the key reason why it was able to tackle it was because the company has servers across the world, which essentially water down incoming botnet traffic.

Generally, DDoS attacks are done via botnets – vast networks of compromised endpoints such as routers, smart home devices, and similar. These attacks included traffic from MikroTik devices, DVRs, and web servers, as well as compromised ASUS home routers, which were likely exploited using a CVE 9.8 (Critical) vulnerability that was recently discovered by Censys.

Before this one, the largest-ever observed DDoS attack was 3.47 Tbps strong, and was mitigated by Microsoft in November 2021.

Via PCMag

This sneaky Linux malware went undetected for years, and is using all-new attack tacticsHere’s a list of the best firewall software around todayThese are the best endpoint security tools right now

Related posts

Google Whisk is a new way to create AI visuals using image prompts –here’s how to try it

These are the companies using AI-driven dynamic pricing the most – and the top users probably won’t surprise you

Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More