During a recent distributed denial-of-service (DDoS) campaign, organizations in the financial services, internet, and telecommunications sectors were targeted with a series of hyper-volumetric attacks. These attacks, designed to overwhelm network infrastructure, peaked at 3.8 terabits per second (Tbps), the largest publicly recorded DDoS attack to date. Over a month-long period, attackers launched more than 100 DDoS attacks, flooding the target networks with an immense volume of data.

A volumetric DDoS attack works by overwhelming the target’s resources (bandwidth, or the application infrastructure behind it) with an enormous amount of illegitimate traffic. The target can no longer function properly, so legitimate users are denied access to its services. Attackers typically aim such attacks at the network and transport layers (L3/L4) of the target’s infrastructure. In this specific campaign, many of the attacks exceeded two billion packets per second (pps) and surpassed three Tbps in traffic.

Record-Breaking 3.8 Tbps DDoS Attacks Target Global Sectors

Cloudflare, a leading internet infrastructure company, was responsible for mitigating these DDoS attacks. The firm reported that the largest attack, which peaked at 3.8 Tbps, lasted for 65 seconds. Cloudflare’s systems were able to autonomously defend against all the attacks, ensuring that the targeted infrastructure did not suffer long-term outages.

The attackers spread the devices involved in the attack across various countries, with a significant number located in Russia, Vietnam, the U.S., Brazil, and Spain. The attackers had also compromised multiple types of devices, including Asus home routers, MikroTik systems, digital video recorders (DVRs), and web servers. These compromised devices formed a botnet (a network of infected devices) that was used to carry out the attack.

A key factor in the effectiveness of this DDoS campaign was the use of the User Datagram Protocol (UDP) on a fixed port. UDP is a communication protocol that enables fast data transfers but does not require establishing a formal connection. This makes it particularly attractive for DDoS attackers as it allows for the rapid flooding of a target’s resources without the need for complex communication protocols.
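The traffic profile described above (UDP toward one fixed destination port at billions of packets per second) is something a defender can spot in per-second flow aggregates. The following added example, not code from the article or from Cloudflare, aggregates constructed flow records by second, protocol and destination port and raises an alert when UDP traffic to a single port crosses a packet-rate or bit-rate threshold; the record layout, port numbers and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (illustrative, not from the article):
# (timestamp_sec, protocol, dst_port, packets, bytes) as a NetFlow/IPFIX
# exporter might summarise them. Baseline traffic first, then a fixed-port
# UDP flood starting at t=1002 at roughly 2.1 billion pps and 3.8 Tbps.
SAMPLE_FLOWS = [
    (1000, "UDP", 443, 5_000, 600_000),
    (1000, "TCP", 443, 8_000, 9_000_000),
    (1001, "UDP", 443, 5_200, 620_000),
    (1001, "TCP", 443, 7_900, 8_800_000),
    (1002, "UDP", 9999, 2_100_000_000, 475_000_000_000),
    (1002, "TCP", 443, 7_800, 8_700_000),
    (1003, "UDP", 9999, 2_050_000_000, 460_000_000_000),
]

# Hypothetical alert thresholds; tune to the monitored network's capacity.
PPS_THRESHOLD = 1_000_000_000          # 1 billion packets per second
BPS_THRESHOLD = 1_000_000_000_000      # 1 terabit per second


def aggregate_per_second(flows):
    """Sum packets and bytes per (second, protocol, dst_port) bucket."""
    agg = defaultdict(lambda: [0, 0])
    for ts, proto, port, pkts, nbytes in flows:
        agg[(ts, proto, port)][0] += pkts
        agg[(ts, proto, port)][1] += nbytes
    return agg


def detect_udp_fixed_port_flood(flows, pps_threshold=PPS_THRESHOLD,
                                bps_threshold=BPS_THRESHOLD):
    """Return one alert per second in which UDP traffic aimed at a single
    destination port exceeds either the packet-rate or bit-rate threshold."""
    alerts = []
    for (ts, proto, port), (pkts, nbytes) in sorted(aggregate_per_second(flows).items()):
        if proto != "UDP":
            continue
        bps = nbytes * 8
        if pkts >= pps_threshold or bps >= bps_threshold:
            alerts.append({"second": ts, "dst_port": port,
                           "pps": pkts, "tbps": round(bps / 1e12, 2)})
    return alerts


if __name__ == "__main__":
    for alert in detect_udp_fixed_port_flood(SAMPLE_FLOWS):
        print(alert)
```

Real flow exports are sampled, so the packet and byte counts must be scaled by the sampling rate before comparing against absolute thresholds.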

Microsoft held the previous record for the largest mitigated volumetric DDoS attack, having defended against a 3.47 Tbps attack aimed at an Azure customer in Asia. The latest attack, peaking at 3.8 Tbps, has now set a new record for the largest DDoS attack mitigated in the public domain.

In a related report, the cloud computing company Akamai confirmed that attackers could exploit recently disclosed vulnerabilities in the Common Unix Printing System (CUPS) on Linux systems for future DDoS attacks. Akamai discovered over 58,000 vulnerable systems that attackers could target in DDoS campaigns by exploiting these security flaws. The company’s research showed that compromised CUPS servers could repeatedly respond to requests, amplifying the attack and increasing its impact.

This wave of DDoS attacks underscores the growing sophistication of cybercriminals and the increasing need for robust cybersecurity defences, especially as more devices and systems become interconnected globally. Organizations need to enhance their security protocols and remain vigilant to mitigate the potential impact of such massive DDoS attacks.