OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

July 5, 2024 at 09:07AM

OVHcloud reports that it mitigated a record-breaking DDoS attack peaking at 840 million packets per second (Mpps). The attack combined a TCP ACK flood from roughly 5,000 source IPs with a DNS reflection attack bounced off about 15,000 DNS servers. Such packet-rate attacks, many of them launched from compromised MikroTik routers, are growing in both frequency and intensity and pose a significant challenge to anti-DDoS infrastructure.

Key takeaways from the article:
1. OVHcloud faced a record-breaking DDoS attack in April 2024 that peaked at 840 million packets per second (Mpps), originating from about 5,000 source IPs and leveraging roughly 15,000 DNS servers for reflection and amplification.
2. Two-thirds of the attack packets entered OVHcloud's network through only four points of presence, all located in the U.S., three of them on the west coast.
3. DDoS attacks have increased markedly in both frequency and intensity, with attacks above 1 terabit per second (Tbps) now a regular occurrence.
4. Packet-rate attacks are increasingly common: OVHcloud observed a growing number of attacks exceeding 100 Mpps, many emanating from compromised MikroTik Cloud Core Router (CCR) devices. Such floods of small packets exhaust the per-packet processing capacity of mitigation hardware long before they saturate link bandwidth.
5. As many as 99,382 MikroTik routers are reachable from the internet, and many of them run outdated RouterOS versions that carry known security vulnerabilities.
6. OVHcloud estimated that hijacking even a fraction of these exposed devices into a DDoS botnet could produce layer 7 attacks reaching 2.28 billion packets per second (Gpps), enough to overwhelm anti-DDoS infrastructures.
7. MikroTik routers have already been used to build potent botnets and to run botnet-as-a-service operations.
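As an added illustration (not OVHcloud's code, data or method), the Python below separates a multi-vector flood of the kind described above into its components and shows why packet rate rather than bandwidth is the binding constraint. The flow records are constructed to resemble NetFlow/IPFIX exports and are not telemetry from the incident; the one-second window, the "ACK-only TCP with packets of at most 64 bytes" rule for the ACK flood and the "UDP from port 53 with packets of at least 512 bytes" rule for DNS reflection are assumptions chosen for the example.

```python
"""Separate a multi-vector DDoS into its components by packet rate.

Added example (not OVHcloud's code). The flow records below are
constructed to resemble NetFlow/IPFIX exports and are not telemetry
from the incident; the classification thresholds are assumptions.
"""
from collections import defaultdict, namedtuple

Flow = namedtuple("Flow", "src_ip proto src_port dst_port tcp_flags packets bytes")

# Observation window covered by each constructed record (assumption).
WINDOW_SECONDS = 1.0

# Minimum Ethernet frame (64 B) plus preamble and inter-frame gap (20 B):
# the wire cost of one minimum-size packet.
MIN_FRAME_WIRE_BYTES = 64 + 20

CONSTRUCTED_FLOWS = [
    # TCP ACK flood: bare ACK segments of 40-50 bytes from many sources.
    Flow("198.51.100.10", "tcp", 41000, 443, "A", 200_000, 8_000_000),
    Flow("198.51.100.11", "tcp", 41001, 443, "A", 150_000, 6_000_000),
    Flow("198.51.100.12", "tcp", 41002, 443, "A", 250_000, 12_500_000),
    # DNS reflection: UDP responses from port 53 of open resolvers, ~1.2 KB each.
    Flow("203.0.113.5", "udp", 53, 3321, None, 5_000, 6_000_000),
    Flow("203.0.113.6", "udp", 53, 3321, None, 4_000, 5_200_000),
    # Legitimate-looking traffic that must not be flagged.
    Flow("192.0.2.77", "tcp", 50123, 443, "PA", 1_000, 700_000),  # HTTPS session
    Flow("192.0.2.80", "udp", 53, 12345, None, 50, 4_000),       # small DNS answers
    Flow("192.0.2.90", "tcp", 50200, 443, "A", 300, 300_000),    # ACKs carrying data
]


def classify(flow):
    """Label one flow as an attack vector or 'other'.

    Thresholds are assumptions: an ACK flood is ACK-only TCP with tiny
    packets; DNS reflection is UDP sourced from port 53 with large packets.
    Small UDP/53 answers and ACKs that carry payload fall through to 'other'.
    """
    avg_packet_bytes = flow.bytes / flow.packets
    if flow.proto == "tcp" and flow.tcp_flags == "A" and avg_packet_bytes <= 64:
        return "tcp_ack_flood"
    if flow.proto == "udp" and flow.src_port == 53 and avg_packet_bytes >= 512:
        return "dns_reflection"
    return "other"


def summarize(flows, window_seconds=WINDOW_SECONDS):
    """Aggregate packets, bytes and distinct sources per vector, then derive
    packet rate (pps) and bit rate (Gbps) over the observation window."""
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for flow in flows:
        bucket = agg[classify(flow)]
        bucket["packets"] += flow.packets
        bucket["bytes"] += flow.bytes
        bucket["sources"].add(flow.src_ip)
    summary = {}
    for vector, a in agg.items():
        summary[vector] = {
            "packets": a["packets"],
            "bytes": a["bytes"],
            "sources": len(a["sources"]),
            "pps": a["packets"] / window_seconds,
            "gbps": a["bytes"] * 8 / window_seconds / 1e9,
            "avg_packet_bytes": a["bytes"] / a["packets"],
        }
    return summary


def line_rate_gbps(pps, wire_bytes_per_packet=MIN_FRAME_WIRE_BYTES):
    """Link capacity consumed by a given packet rate if every packet is
    minimum size: the bit rate a pure packet-rate attack needs."""
    return pps * wire_bytes_per_packet * 8 / 1e9


if __name__ == "__main__":
    for vector, s in summarize(CONSTRUCTED_FLOWS).items():
        print(f"{vector:16s} sources={s['sources']:2d} pps={s['pps']:>10,.0f} "
              f"Gbps={s['gbps']:.3f} avg_pkt={s['avg_packet_bytes']:.0f}B")
    # 840 Mpps of minimum-size frames fits in well under 1 Tbps of link
    # capacity, which is why it stresses per-packet processing, not bandwidth.
    print(f"840 Mpps of 64-byte frames = {line_rate_gbps(840e6):.1f} Gbps")
```

In the constructed data the ACK flood contributes almost all of the packets at an average of about 44 bytes each, while the DNS reflection component moves far fewer packets but at roughly 1.2 KB apiece; a mitigation appliance sized by bandwidth alone would underestimate the first vector. The final line shows that 840 Mpps of minimum-size frames occupies only about 564 Gbps of wire capacity, less than the multi-Tbps volumetric attacks the article mentions, so the pressure lands on the packet-processing path.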

The report highlights the growing scale and frequency of DDoS attacks, the specific tactics used in recent attacks, and the vulnerabilities in exposed networking devices that threat actors are exploiting to build their botnets.
