
Cloudflare Prevents Biggest-Ever 3.8 Tbps DDoS Attack Aimed at Worldwide Industries

Cloudflare has revealed that it successfully defended against a massive distributed denial-of-service (DDoS) attack that reached 3.8 terabits per second (Tbps) and lasted 65 seconds.

The company dealt with numerous hyper-volumetric L3/4 DDoS attacks exceeding 2 billion packets per second (Bpps) and 3 Tbps in the previous month.

The attacks, ongoing since early September 2024, have targeted customers in the financial services, Internet, and telecommunication sectors, and no specific attribution has been made.

The previous largest volumetric DDoS attack recorded was 3.47 Tbps in November 2021, which targeted a Microsoft Azure customer in Asia.

The attacks used the User Datagram Protocol (UDP) on a fixed port and originated from various countries, including Vietnam, Russia, Brazil, Spain, and the U.S. They involved compromised devices such as MikroTik devices, DVRs, and web servers.

Cloudflare mentioned that the high bitrate attacks could be linked to a botnet comprising infected ASUS home routers exploited using a known critical vulnerability (CVE-2024-3080).

Reports by Censys indicated over 157,000 potentially affected ASUS router models, mainly in the U.S., Hong Kong, and China.

The objective of the campaign, as per Cloudflare, is to overload the target’s network bandwidth and CPU resources to disrupt legitimate user access to the service.

The trend of increasing DDoS attacks continues, particularly on banking, financial services, and public utilities, with a significant surge in volumetric attacks observed in the first half of 2024.

DNS-over-HTTPS (DoH) is used for command-and-control (C2) operations to make these attacks on global organizations stealthier.

Akamai highlighted the potential exploitation of Common UNIX Printing System (CUPS) vulnerabilities in Linux to mount DDoS attacks with a high amplification factor.

Organizations are advised to take preventive measures such as removing CUPS if it is not essential and firewalling service ports to mitigate the risk of DDoS attacks.
