HomeCyberSecurity NewsOVHcloud Experiences Unprecedented 840 Million PPS DDoS Attack Leveraging MikroTik Routers

OVHcloud Experiences Unprecedented 840 Million PPS DDoS Attack Leveraging MikroTik Routers

French cloud computing firm OVHcloud reported that they dealt with a massive distributed denial-of-service (DDoS) attack in April 2024, reaching a packet rate of 840 million packets per second (Mpps).

This surpassed the previous record of 809 million Mpps recorded by Akamai targeting a European bank in June 2020.

The attack involved a TCP ACK flood from 5,000 source IPs and a DNS reflection attack using approximately 15,000 DNS servers to amplify the traffic.

OVHcloud noted that while the attack was distributed globally, the majority of the packets came from four locations in the U.S., with three on the west coast. This highlighted the adversary’s ability to send a high packet rate through a few connections, posing significant challenges.

OVHcloud observed a rise in both frequency and intensity of DDoS attacks since 2023, with attacks exceeding 1 terabit per second (Tbps) becoming more common.

Sebastien Meriot from OVHcloud stated, “In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily, with the highest observed bit rate being ~2.5 Tbps.”

Unlike typical DDoS attacks that flood targets with junk traffic, packet rate attacks overload networking devices’ packet processing engines close to the destination, like load balancers.

Data collected by OVHcloud shows a rise in DDoS attacks with packet rates over 100 Mpps, many originating from compromised MikroTik Cloud Core Router (CCR) devices, with around 99,382 accessible online.

These routers, running on outdated OS versions, are vulnerable to known RouterOS security flaws. Threat actors may be using the OS’s Bandwidth test feature to launch attacks.

Hijacking just 1% of these devices into a DDoS botnet could potentially enable adversaries to launch layer 7 attacks reaching 2.28 billion packets per second (Gpps).

MikroTik routers have been exploited to build potent botnets like Mēris and for botnet-as-a-service operations.

Meriot warned, “With the capability to issue billions of packets per second, this could usher in a new era for packet rate attacks, challenging anti-DDoS infrastructures significantly.”



Please enter your comment!
Please enter your name here

Latest News