Record DDoS Attack Mitigated, But More Are on the Way

Cloudflare warded off a month-long hacking campaign that launched more than 100 distributed denial-of-service (DDoS) attacks, with the largest one reaching a record peak.

The L3/L4 DDoS attacks, which spanned the month of September and targeted multiple unnamed Cloudflare customers in such sectors as financial services, the internet, and telecommunications, at one point hit a record 3.8 terabits per second (Tbps) and 2.14 billion packets per second (Pps).

The 3.8 Tbps reached in the volumetric DDoS attack – one that overwhelms a website’s network with traffic to the point that legitimate traffic can’t get through, making it impossible for the site to do business – was more than what Microsoft detected in late 2021, which reached a then-record-setting peak of 3.47 Tbps and a packet rate of 340 Pps.

Many of the other attacks exceeded 3 Tbps and 2 billion Pps.

“This attack campaign targets bandwidth saturation as well as resource exhaustion of in-line applications and devices,” the Cloudflare researchers wrote in a blog post, adding that the attacks came from systems around the world, including the United States, Vietnam, Russia, Brazil, and Spain.

The botnet used to launch the attack included a range of compromised devices, such as wired and wireless routers from Latvian company MikroTik, DVRs, and web servers. The high-bitrate attacks originated from a large number of home routers by Asus, with the hacker likely exploiting a critical vulnerability discovered in June by cybersecurity firm Censys.

The researchers wrote that Cloudflare’s systems “were able to autonomously detect and mitigate these monstrous attacks without impacting performance for our customers.”

More Attacks on Their Way

That said, Cloudflare and other vendors, as well as MSSPs, need to prepare for more such attacks targeting customers in the future. Network security company NetScout, in its 1H 2024 DDoS Threat Intelligence Report released this week, said there was a 43% increase in the number of application-layer attacks and a 30% jump in volumetric attacks, adding that the attacks also are getting more sophisticated.

With internet connectivity continuing to grow and more devices coming online, the industry should expect that the number, scale, and frequency of these attacks will only increase, according to Jason Soroko, Senior Fellow at security firm Sectigo.

“There’s no clear ceiling in sight as attackers find new methods to amplify their attacks,” Soroko told MSSP Alert. “Without significant improvements in cybersecurity practices and global cooperation to secure networks, this upward trend is likely to persist.”

There are myriad factors driving the growth in DDoS attacks. He pointed to the number of DDoS-for-hire services on the dark web – which allow bad actors to more easily launch such attacks by paying another group to use their technology – and the proliferation of unsecured IoT devices that can be exploited and pulled into large botnets.

“Attackers are motivated by various factors, including financial gain through extortion, disrupting competitors, political agendas, or simply causing chaos,” he said. “The low cost and high impact of these attacks make them an attractive tool for cybercriminals.”

NetScout researchers also pointed to new networks and the emergence of autonomous system numbers (ASNs).

Stephen Kowski, field CTO for SlashNext Email Security+, told MSSP Alert that DDoS attacks also are surging due to geopolitical tensions and hacktivism, as well as DDoS-as-a-service platforms.

“Motivations range from financial extortion to political statements, with attackers exploiting the low-cost, high-impact nature of these attacks,” Kowski said.

Look to MSSPs and MSPs

The experts noted a number of steps organizations can take to protect their networks, including adopting anti-DDoS cloud-based services, regularly updating and patching connected devices, and deploying solutions that provide real-time threat intelligence and the automated detection and blocking of malicious network traffic.

In addition, Soroko said that organizations should look to advanced protection tools that use AI and machine learning, which can detect and mitigate threats across multiple communication channels.

They also said that MSPs and MSSPs both play critical roles in protecting organizations by offering specialized expertise and services, advanced mitigation technologies, and real-time network monitoring.

“MSSPs can also help organizations develop and test incident response plans, ensuring they're prepared to handle attacks effectively,” Kowski said, adding that “they are more focused and accessible to most businesses who cannot afford the resources of a larger security organization.”