Record-Breaking 3.8 Tbps DDoS Attack Targets Financial, Internet, and Telecom Sectors, Amplified by Global Botnet

A distributed denial-of-service (DDoS) campaign targeted organizations in the financial services, internet, and telecommunications sectors with an unprecedented peak attack of 3.8 terabits per second (Tbps).

This volumetric assault, the largest publicly recorded to date, involved over 100 hyper-volumetric DDoS attacks that inundated the targeted networks with an overwhelming amount of junk data over the course of a month. These attacks are designed to overwhelm the bandwidth and resources of targeted systems, leaving legitimate users unable to access services.

The attacks primarily focused on the network infrastructure, specifically targeting the network and transport layers (L3/4). Many of these strikes exceeded two billion packets per second (pps) and three terabits per second in volume.

The attack leveraged a global botnet of compromised devices, including Asus routers, MikroTik systems, DVRs, and web servers, located across multiple countries including Russia, Vietnam, the U.S., Brazil, and Spain. The aim was to flood the network with traffic sent over UDP, a protocol known for fast, connectionless data transfers.

Cloudflare, a major internet infrastructure company, successfully mitigated all of these attacks autonomously. The attack peaking at 3.8 Tbps lasted for 65 seconds, setting a new record. Previously, Microsoft held the record for defending against the largest volumetric DDoS attack, which peaked at 3.47 Tbps and targeted an Azure customer in Asia.

The Cloudflare report highlights how the attackers relied on vast networks of compromised devices, commonly referred to as botnets, to amplify the attack traffic.

Separately, a cloud computing company, Akamai, revealed that recently disclosed vulnerabilities in Linux’s Common Unix Printing System (CUPS) could also serve as vectors for DDoS attacks. After scanning the public internet for vulnerable systems, Akamai identified more than 58,000 systems exposed to potential exploitation.

These vulnerabilities could allow threat actors to launch amplification attacks, where a small amount of data sent to the vulnerable servers is magnified into a much larger volume of traffic aimed at the target.

Testing by Akamai showed that compromised CUPS servers could flood systems with repeated requests, potentially leading to endless loops of data amplification.

Some servers sent thousands of requests in response to the initial test signals, highlighting the significant threat posed by exploiting these vulnerabilities. This revelation underscores the growing complexity and scale of DDoS attacks and the importance of securing devices against such exploits.
