Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps

October 3, 2024 at 12:15PM

A recent DDoS campaign targeted financial, internet, and telecommunications sectors, resulting in a record 3.8 Tbps volumetric attack. The assault comprised 100 hyper-volumetric attacks, overwhelming network infrastructure and primarily leveraging compromised devices in various countries. Cloudflare autonomously mitigated the attacks, with UDP-based transfers and CUPS vulnerabilities posing ongoing threats.

Key Takeaways:

– The largest publicly recorded volumetric DDoS attack targeted organizations in the financial services, internet, and telecommunications sectors, peaking at 3.8 terabits per second.
– The attack consisted of a “month-long” barrage of more than 100 hyper-volumetric DDoS attacks, overwhelming network infrastructure with garbage data.
– The attack targeted network infrastructure (network and transport layers L3/4) and exceeded two billion packets per second (pps) and three terabits per second (Tbps).
– The infected devices behind the campaign were spread across the globe, with many located in Russia, Vietnam, the U.S., Brazil, and Spain.
– Cloudflare successfully mitigated all the DDoS attacks, including the one peaking at 3.8 Tbps which lasted 65 seconds.
– The threat actor leveraged multiple types of compromised devices, including Asus home routers, Mikrotik systems, DVRs, and web servers.
– The attack mainly used the User Datagram Protocol (UDP) on a fixed port and targeted an Azure customer in Asia.

Additionally, the CUPS vulnerabilities in Linux could potentially be exploited for DDoS attacks, with more than 58,000 systems exposed to such attacks. Vulnerable CUPS servers showed significant potential for amplification when the CUPS flaws are exploited.
