French cloud computing company OVHcloud says it mitigated a record-breaking Distributed Denial-of-Service (DDoS) attack in April 2024, which reached a packet rate of 840 million packets per second (Mpps).
This attack on OVHcloud broke the previous record of 809 Mpps, reported by Akamai for an attack that targeted a major European bank in June 2020.
The DDoS attack suffered by OVHcloud
The 840 Mpps DDoS attack suffered by OVHcloud is believed to be a combination of a flood of TCP ACK packets from 5,000 source IPs and a DNS reflection attack that leveraged approximately 15,000 DNS servers to amplify traffic.
“Although the attack was distributed globally, 2/3 of the total packets entered from only four points of presence, all located in the United States, with 3 of them on the West Coast,” OVHcloud observed, adding: “This highlights the adversary’s ability to send a huge rate of packets through only a few peerings, which can be very problematic.”
The French company said it had observed a significant increase in DDoS attacks in both frequency and intensity starting in 2023, adding that those reaching beyond 1 terabit per second (Tbps) have become a regular occurrence.
“Over the past 18 months, we have gone from 1Tbps+ attacks being rare, to weekly, to almost daily (average over a week),” said Sebastien Meriot of OVHcloud. “The highest bit rate we observed during that period was around 2.5 Tbps.”
The OVHcloud attack? It’s a DDoS attack with some peculiarities
Unlike typical DDoS attacks, which send a flood of junk traffic at targets with the goal of exhausting available bandwidth, packet rate-based attacks work by overloading the packet processing engines of network devices close to the destination, such as load balancers.
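The distinction above can be checked from ordinary interface counters. The following Python sketch is an added example, not OVHcloud's tooling: it classifies each polling interval by whether it exhausts the link's bandwidth or the device's packet engine. The device ratings, the 80% alert threshold and the counter readings are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed ratings for a hypothetical edge device (not figures from the article).
LINK_BPS = 100e9      # 100 Gbps uplink
ENGINE_PPS = 50e6     # packet engine rated for 50 Mpps
WIRE_OVERHEAD = 20    # bytes per Ethernet frame: preamble (8) + inter-frame gap (12)
ALARM = 0.8           # assumed alert threshold: 80% of either rating

@dataclass
class Sample:
    ts: float      # seconds
    packets: int   # cumulative received-packet counter
    octets: int    # cumulative received-byte counter

def classify(prev, cur):
    """Classify one polling interval by which resource it exhausts."""
    dt = cur.ts - prev.ts
    dpk, doct = cur.packets - prev.packets, cur.octets - prev.octets
    if dt <= 0 or dpk < 0 or doct < 0:
        return None  # out-of-order sample or counter reset: no verdict
    pps = dpk / dt
    bps = (doct + dpk * WIRE_OVERHEAD) * 8 / dt   # on-the-wire bit rate
    engine_util, link_util = pps / ENGINE_PPS, bps / LINK_BPS
    if engine_util >= ALARM and link_util >= ALARM:
        verdict = "both"
    elif engine_util >= ALARM:
        verdict = "packet-rate"
    elif link_util >= ALARM:
        verdict = "volumetric"
    else:
        verdict = "normal"
    return {"verdict": verdict, "pps": pps, "bps": bps,
            "engine_util": engine_util, "link_util": link_util,
            "avg_packet_bytes": doct / dpk if dpk else 0.0}

def classify_series(samples):
    """Classify every consecutive pair of counter readings."""
    return [classify(a, b) for a, b in zip(samples, samples[1:])]

# Constructed counter readings, polled every 10 s.
SAMPLES = [
    Sample(0, 0, 0),
    Sample(10, 10_000_000, 8_000_000_000),      # ~1 Mpps, 800-byte packets
    Sample(20, 460_000_000, 36_800_000_000),    # 45 Mpps of 64-byte packets
    Sample(30, 535_000_000, 149_300_000_000),   # 7.5 Mpps of 1500-byte packets
]

if __name__ == "__main__":
    for r in classify_series(SAMPLES):
        print(r["verdict"], f'{r["pps"]/1e6:.1f} Mpps', f'{r["link_util"]:.0%} link')
```

In the second interval the link is only about 30% full while the packet engine is at 90% of its rating, which is why bandwidth graphs alone can miss this class of attack.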
Data collected by the company shows that DDoS attacks leveraging packet rates above 100 Mpps have seen a sharp increase over the same period, with many of them coming from compromised MikroTik Cloud Core Router (CCR) devices. As many as 99,382 MikroTik routers are accessible on the internet.
These routers, in addition to exposing an administration interface, run outdated versions of the operating system, making them susceptible to known security vulnerabilities in RouterOS; cybercriminals are suspected of exploiting the operating system’s bandwidth testing feature to perform the attacks.
The enormous power of the DDoS attack suffered by the French company
It is estimated that hijacking even 1% of exposed devices into a DDoS botnet could theoretically give adversaries enough capability to launch layer 7 attacks reaching 2.28 billion packets per second (Gpps).
It is worth noting at this point that MikroTik routers have been used to build powerful botnets like Mēris and even launch botnet-as-a-service operations.
“Depending on the number of compromised devices and their actual capabilities, this could be a new era for packet-rate-based attacks: with botnets possibly capable of emitting billions of packets per second, it could seriously challenge the way anti-DDoS infrastructures are built and sized,” Meriot said.
Similar attacks have occurred in the past
Over the past few years, several other record-breaking DDoS attacks have attracted attention; for example, in March 2018, GitHub suffered a DDoS attack that reached 1.35 Tbps, using a Memcached amplification technique.
In September 2020, Amazon Web Services (AWS) mitigated an attack that peaked at 2.3 Tbps, becoming one of the largest attacks ever recorded; in February 2023, Microsoft announced that it had handled a DDoS attack that reached 3.47 Tbps, a new record at the time.
These incidents highlight a growing trend in the frequency and intensity of DDoS attacks, reflecting the need for increasingly robust and sophisticated security infrastructures to protect online resources.