OVHcloud slammed with 840M PPS DDoS Attack via MikroTik Routers

TLDR:

OVHcloud faced a record-breaking DDoS attack reaching 840 million packets per second in April 2024.
The attack combined a TCP ACK flood and a DNS reflection attack using MikroTik routers.

French cloud computing firm OVHcloud recently announced that they successfully mitigated a massive distributed denial-of-service (DDoS) attack in April 2024, reaching a packet rate of 840 million packets per second (Mpps). This attack broke the previous record of 809 million Mpps reported by Akamai targeting a European bank in June 2020.

The attack was a combination of a TCP ACK flood originating from 5,000 source IPs and a DNS reflection attack leveraging around 15,000 DNS servers to amplify the traffic. OVHcloud noted that 2/3 of the total packets entered from only four points of presence, located in the U.S. This incident highlights the adversary’s capability to send a huge packet rate through a few peerings, which can pose significant challenges.

OVHcloud has observed a notable increase in DDoS attacks both in frequency and intensity since 2023, with attacks exceeding 1 terabit per second (Tbps) becoming more common. The company has witnessed an increase in DDoS attacks using packet rates greater than 100 Mpps, with many stemming from compromised MikroTik routers.

These routers, numbering over 99,000 and accessible over the internet, run on outdated versions of the operating system, making them vulnerable to known security flaws in RouterOS. It’s suspected that threat actors are exploiting the Bandwidth test feature of the operating system to conduct attacks.

By hijacking just 1% of the exposed devices into a DDoS botnet, adversaries could theoretically launch layer 7 attacks reaching 2.28 billion packets per second (Gpps). MikroTik routers have been previously used to build botnets like Mēris and for botnet-as-a-service operations, indicating potential for more powerful attacks in the future.

The rise of packet rate attacks poses a new challenge for anti-DDoS infrastructures. OVHcloud’s Sebastien Meriot warned that botnets capable of issuing billions of packets per second could challenge the way DDoS defenses are built and scaled. This incident underscores the importance of addressing security vulnerabilities in networking devices to prevent such attacks in the future.

Post Views: 68

Latest from Blog

SDCOE praised for leadership, support, and innovation in cybersecurity

TLDR: San Diego County Grand Jury commends SDCOE for leadership in cybersecurity in K-12 education SDCOE provides resources, guidance, and cybersecurity solutions to county school districts A recent report by the San

EU’s tough cyber rules threaten massive fines and business suspensions

TLDR: The EU’s NIS 2 becomes enforceable on Oct. 17, imposing tougher cyber regulations on companies. Companies could face hefty fines or service suspensions for violations under the new law. Companies in

Financial sector prime target for DDoS attacks, Akamai study finds

TLDR: – Financial services sector remains the top target for DDoS attacks for the second consecutive year – APJ region faces significant cybersecurity challenges with a high threat score for phishing A

Watch out for serverless architecture’s cybersecurity risks for businesses

Serverless Architecture and Cybersecurity Risks TLDR: Move towards serverless architecture presents new security challenges Threat actors are exploring vulnerabilities in serverless environments Today’s cybersecurity landscape is rapidly evolving with the adoption of

Ivanti alerts on exploited CSA vulnerability in recent cyber attacks

Article Summary TLDR: Ivanti warns of critical Cloud Services Appliance (CSA) flaw being exploited in attacks Threat actors are exploiting CVE-2024-8963 admin bypass vulnerability to access restricted functionality Ivanti Warns of Another

Beware Vanilla Tempest hackers target healthcare sectors, Microsoft alerts

TLDR: Vanilla Tempest, a ransomware group, is targeting healthcare organizations in the US using a new ransomware strain called “INC.” The attackers use tools like Supper backdoor, AnyDesk, and MEGA to further

Internet baffled by mysterious ‘Noise Storms’ stumping experts

TLDR: Internet intelligence firm GreyNoise has been tracking large waves of “Noise Storms” containing spoofed internet traffic since January 2020 The purpose and origin of these noise storms, suspected to be covert

Top 20 Linux Admin Tools for 2024

TLDR: Top Linux Admin Tools in 2024 Key points: Linux admin tools streamline system configurations, performance monitoring, and security management. Popular Linux admin tools include Webmin, Puppet, Zabbix, Nagios, and Ansible. Summary

Evergy chooses OneLayer Bridge for private LTE network management and security

TLDR: Evergy has selected OneLayer Bridge for private LTE network management and security in a multi-year deal. The platform will help manage and secure thousands of devices on Evergy’s private LTE network,

Bogus job tempts aerospace, energy workers

TLDR: A North Korean cyberespionage group is posing as job recruiters to target employees in aerospace and energy sectors. Mandiant reports that the group uses fake job descriptions stored in malicious archives

Suggestions

OVHcloud slammed with 840M PPS DDoS Attack via MikroTik Routers

TLDR:

Latest from Blog