Cloudflare Mitigates Historic World Record 3.8Tbps DDoS Attack!
Internet infrastructure provider Cloudflare says it mitigated a record-breaking distributed denial-of-service (DDoS) attack that reached 3.8Tbps. This represents the largest publicly recorded volumetric DDoS attack to date.
This attack targeted critical sectors
Volumetric DDoS attacks, as in this case, flood the target's bandwidth or exhaust its resources, making applications, devices, or network systems unreachable to legitimate users. In this instance, many of the attacks reached up to two billion packets per second (pps) and over three Tbps, targeting layers 3 and 4 (the network and transport layers).
Cloudflare successfully mitigated these attacks and reported that the infected devices forming the botnet included Asus routers, MikroTik systems, DVRs, and web servers. These devices were spread across multiple countries, including Russia, the U.S., Vietnam, Brazil, and Spain. The attack traffic used the User Datagram Protocol (UDP) on fixed ports; UDP allows fast data transmission without establishing formal connections. The attack that peaked at 3.8 Tbps lasted 65 seconds before being mitigated.
Prior to this, Microsoft held the record for the largest DDoS defense, having defended against a 3.47 Tbps volumetric attack on an Azure customer in Asia.
Amplification attacks like these often leverage botnets or specific vulnerabilities to maximize the volume of data sent. A new vulnerability in Linux’s CUPS (Common UNIX Printing System) was highlighted as a potential vector for future DDoS attacks. Akamai's research revealed that over 58,000 publicly exposed systems were vulnerable to exploitation of the CUPS flaw, capable of generating high-amplification responses that could significantly impact future DDoS campaigns.
Types of DDoS Attacks
Distributed Denial of Service (DDoS) attacks can be categorized into three main types: volumetric attacks, protocol attacks, and resource layer attacks.
Cyber-attackers may use a combination of these types to maximize damage. For instance, an attack might start as one type and evolve into or combine with others to amplify its impact on the target system.
Furthermore, each category contains a variety of attack methods, with the frequency of new cyber threats continuing to rise as attackers become more advanced.
How to Detect and Respond to a DDoS Attack
Although there isn’t a single method to detect a DDoS attack, there are a few telltale signs your network might be under assault:
Modern security software can assist in identifying potential threats
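The traffic pattern described earlier (UDP to a fixed port, many distributed senders, bursts of about a minute) can be checked for in flow records. The following is an added example, not code from the article or from Cloudflare; the record layout, thresholds, port number and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds for this sketch; tune them to the link's real baseline.
WINDOW_S = 10            # aggregation window in seconds
PPS_LIMIT = 50_000       # packets per second toward one (dst, port)
BPS_LIMIT = 400_000_000  # bits per second toward one (dst, port)
MIN_SOURCES = 100        # distinct senders: distributed, not one noisy host

def detect_udp_floods(flows):
    """flows: iterable of (ts, src_ip, dst_ip, proto, dst_port, packets, bytes).
    Returns sorted alerts (window_start, dst_ip, dst_port, pps, bps, n_sources)."""
    buckets = defaultdict(lambda: {"pkts": 0, "bytes": 0, "srcs": set()})
    for ts, src, dst, proto, dport, pkts, nbytes in flows:
        if proto != "udp":
            continue
        window = int(ts) // WINDOW_S * WINDOW_S
        b = buckets[(window, dst, dport)]
        b["pkts"] += pkts
        b["bytes"] += nbytes
        b["srcs"].add(src)
    alerts = []
    for (window, dst, dport), b in buckets.items():
        pps = b["pkts"] / WINDOW_S
        bps = b["bytes"] * 8 / WINDOW_S
        # Require both a rate breach and many senders to the same fixed port.
        if len(b["srcs"]) >= MIN_SOURCES and (pps >= PPS_LIMIT or bps >= BPS_LIMIT):
            alerts.append((window, dst, dport, int(pps), int(bps), len(b["srcs"])))
    return sorted(alerts)

def sample_flows():
    """Constructed records: steady DNS and HTTPS plus a 20-second burst to UDP/4500."""
    flows = []
    for t in range(0, 60):
        flows.append((t, "198.51.100.7", "203.0.113.10", "udp", 53, 20, 2_000))
        flows.append((t, "198.51.100.8", "203.0.113.10", "tcp", 443, 500, 400_000))
    for t in range(20, 40):
        for i in range(250):
            src = f"192.0.2.{i}"  # 250 distinct constructed senders
            flows.append((t, src, "203.0.113.10", "udp", 4500, 400, 480_000))
    return flows

if __name__ == "__main__":
    for alert in detect_udp_floods(sample_flows()):
        print("window=%d dst=%s port=%d pps=%d bps=%d sources=%d" % alert)
```

The short window matters because a burst like the 65-second peak described above can end before a minutes-long averaging interval registers it.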
How to Prevent DDoS Attacks
Prevention is the best defense. Having a well-prepared process in place before a cyberthreat emerges is critical for detecting and addressing attacks promptly.
Here are some key steps to prepare:
By implementing the right products, processes, and services, your business will be better equipped to respond when an attack is detected.
DDoS Protection
To better protect your network from future attacks, consider the following actions:
A proactive approach to DDoS protection is essential for safeguarding your business from evolving cyber threats.
Cybersecurity Analyst
2mo
This is definitely incredible, wow.
OK Boštjan Dolinšek
Instructor, JNR Div. Infantry, Army.
2mo
Well done Cloudflare!
Passionate Account Executive @ interos.ai | AI Supply Chain Risk Management. Helping federal government manage their supply chain risk powered by AI.
2mo
Kudos to Cloudflare for mitigating that DDoS attack.
Technical Content Marketer | B2B SaaS & MSP Marketing | Ex-Network Engineer | LinkedIn Certified Marketing Insider
2mo
So they basically saved the internet