Cloudflare, a leading web security and performance company, has announced the successful mitigation of the largest publicly recorded Distributed Denial of Service (DDoS) attack ever. The attack, which reached a peak of 3.8 terabits per second (Tb/s), was detected and neutralized completely autonomously by the company’s protection systems.
An unprecedented campaign of attacks
Since early September, Cloudflare has been battling an intense campaign of hyper-volumetric DDoS attacks targeting network layers 3 and 4. During this period, the company mitigated over one hundred large-scale DDoS attacks, many of which exceeded 2 billion packets per second and 3 Tb/s.
The record-breaking 3.8 Tb/s attack lasted for 65 seconds and was part of this broader campaign. Another notable attack reached 2.14 billion packets per second for 60 seconds.
Attackers’ objectives and methods
The attacks were primarily targeted at Cloudflare customers in the financial services, Internet, and telecommunications sectors. The goal of these attacks was to saturate the bandwidth and deplete the resources of the victims’ online applications and devices.
Most attacks utilized the User Datagram Protocol (UDP) on a fixed port and originated from various points around the world, with a significant concentration in Vietnam, Russia, Brazil, Spain, and the United States.
Attack infrastructure
Cloudflare researchers identified that the packet-rate-intensive attacks (those measured in billions of packets per second) seemed to originate from a variety of compromised devices, including:
- MikroTik devices
- Digital video recorders (DVRs)
- Web servers
On the other hand, the bit-rate-intensive attacks (those measured in Tb/s) apparently originated from a large number of compromised ASUS home routers, possibly exploited through a recently disclosed critical vulnerability.
How Cloudflare mitigated the attacks
Cloudflare’s ability to handle attacks of this magnitude is due to several key factors:
- Global Anycast network: Distributes attack traffic across multiple data centers worldwide, diluting its impact.
- Real-time signature generation: Uses packet sampling and heuristic analysis to identify attack patterns and create dynamic mitigation rules.
- XDP and eBPF technology: Processes and drops attack packets inside the Linux kernel, at the network driver's receive path, before they consume user-space resources, minimizing the cost of mitigation on each server.
- Autonomous detection and mitigation system: Each Cloudflare server runs the full DDoS protection stack, enabling a fast and coordinated global response.
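To make the "packet sampling plus heuristic analysis" step concrete, here is an added example (not Cloudflare's code, and not from the original write-up) that models the loop in miniature: sampled packet metadata is aggregated per protocol and destination port, the counts are scaled back up to estimated packets per second and bits per second, and a UDP flow to a single fixed port that dominates the sample and exceeds a rate threshold becomes a drop rule. The sampling rate, thresholds, minimum share, rule format and the traffic mix are all assumptions constructed for this illustration.

```python
# Added example (not from the Cloudflare write-up): a toy version of the
# "packet sampling + heuristic analysis -> dynamic mitigation rule" loop
# described above. Sampling rate, thresholds, rule format and the traffic
# below are all assumptions constructed for this illustration.
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_RATE = 1000              # 1-in-N packet sampling (assumption)
WINDOW_SECONDS = 1.0            # length of the aggregation window (assumption)
PPS_THRESHOLD = 500_000         # estimated packets/s that trigger a rule (assumption)
BPS_THRESHOLD = 1_000_000_000   # estimated bits/s that trigger a rule (assumption)
MIN_SHARE = 0.5                 # one (proto, port) must carry >= 50% of samples (assumption)

Key = Tuple[str, int]           # (protocol, destination port)


@dataclass(frozen=True)
class Sample:
    protocol: str   # "udp" or "tcp"
    dst_port: int
    length: int     # bytes on the wire


@dataclass(frozen=True)
class MitigationRule:
    protocol: str
    dst_port: int
    est_pps: float
    est_bps: float

    def to_filter(self) -> str:
        """Render as a tcpdump/BPF-style match expression for the traffic to drop."""
        return f"{self.protocol} and dst port {self.dst_port}"


def aggregate(samples: List[Sample], sample_rate: int = SAMPLE_RATE,
              window: float = WINDOW_SECONDS) -> Dict[Key, Tuple[float, float]]:
    """Count samples per (protocol, port) and scale them back up to estimated
    packets/s and bits/s for the whole window."""
    pkts: Dict[Key, int] = defaultdict(int)
    byts: Dict[Key, int] = defaultdict(int)
    for s in samples:
        key = (s.protocol, s.dst_port)
        pkts[key] += 1
        byts[key] += s.length
    return {
        key: (pkts[key] * sample_rate / window,
              byts[key] * sample_rate * 8 / window)
        for key in pkts
    }


def generate_rules(samples: List[Sample]) -> List[MitigationRule]:
    """Heuristic: a UDP flow to one fixed port that dominates the sample and
    exceeds a packet-rate or bit-rate threshold becomes a drop rule."""
    if not samples:
        return []
    total = len(samples)
    counts: Dict[Key, int] = defaultdict(int)
    for s in samples:
        counts[(s.protocol, s.dst_port)] += 1
    rules: List[MitigationRule] = []
    for (proto, port), (pps, bps) in aggregate(samples).items():
        dominant = counts[(proto, port)] / total >= MIN_SHARE
        if proto == "udp" and dominant and (pps >= PPS_THRESHOLD or bps >= BPS_THRESHOLD):
            rules.append(MitigationRule(proto, port, pps, bps))
    return rules


def build_constructed_samples() -> List[Sample]:
    """Constructed one-second sample: a UDP flood to port 443 (1200-byte
    packets) mixed with a little ordinary DNS and TCP traffic."""
    flood = [Sample("udp", 443, 1200) for _ in range(600)]
    dns = [Sample("udp", 53, 80) for _ in range(10)]
    web = [Sample("tcp", 443, 1400) for _ in range(20)]
    return flood + dns + web


CONSTRUCTED_SAMPLES = build_constructed_samples()

if __name__ == "__main__":
    for rule in generate_rules(CONSTRUCTED_SAMPLES):
        print(f"drop '{rule.to_filter()}' "
              f"(~{rule.est_pps / 1e6:.2f} Mpps, ~{rule.est_bps / 1e9:.2f} Gb/s)")
```

With the constructed sample, only UDP to port 443 crosses both thresholds and dominates the window, so a single drop rule is produced; the small DNS and TCP flows stay untouched. A production system would additionally compare each key against a learned baseline (a busy QUIC port on UDP/443 is normal for some properties) and expire rules when the rate falls back, which this toy omits.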
Implications for Internet security
This incident underscores the increasing sophistication and scale of DDoS attacks, as well as the importance of having robust and adaptable security infrastructures. Cloudflare’s ability to automatically mitigate an attack of this magnitude demonstrates advancements in DDoS defense technologies.
However, it also serves as a warning to organizations that may not have similar protections. The unprecedented scale and frequency of these attacks suggest that unprotected Internet properties, or those relying on on-premises solutions or cloud providers with limited capacity, could face significant disruptions from similar threats.
Source: Cloudflare