DDoS attacks with volumes on the order of terabits are becoming more and more common due to two factors: insecure IoT devices, their use for broadband connections. Last week, Cloudflare automatically detected and mitigated an attack on its network that came close to 2Tbps – the largest detected so far, according to the company. Cloudflare did not say which of its customers was attacked: “This was a multi-vector attack combining DNS amplification attacks and UDP floods . The entire attack lasted just a minute. The attack was launched from approximately 15,000 bots running a variant of the original Mirai code on IoT devices and unpatched GitLab instances.
According to the company, in the last quarter there were several DDoS attacks with this pattern: “This attack confirms this trend of increasing intensity. Another key finding from our third quarter DDoS trends report was that DDoS attacks at the network layer increased 44% over the previous quarter. Although the fourth quarter is not yet over, we have once again seen several terabit attacks targeting customers.”
The GitLab instances captured in the botnet are affected by CVE-2021-22205, a critical vulnerability (CVS score of 10) that was fixed over six months ago, but which continues to expose tens of thousands of systems. Microsoft informed in August it mitigated a massive 2.4 Tbps attack originating from 70,000 sources worldwide. Last year, Amazon and Google said they mitigated DDoS attacks of 2.3 Tbps and 2.5 Tbps, respectively.