Cloudflare Mitigates Record-Breaking 3.8 Tbps DDoS Attack Targeting Critical Sectors
Cloudflare announced it has mitigated the largest publicly recorded distributed denial-of-service (DDoS) attack ever, peaking at 3.8 terabits per second (Tbps). This month-long attack campaign primarily targeted organisations in the financial services and telecommunications sectors. According to Cloudflare, the campaign aimed to cause "bandwidth saturation as well as resource exhaustion of in-line applications and devices."
The attack consisted of over 100 hyper-volumetric DDoS assaults that sought to overwhelm targets with large amounts of data, disrupting services and preventing legitimate users from accessing them. Many of these attacks exceeded 3 Tbps and two billion packets per second, focusing on saturating the network and transport layers.
Cloudflare researchers traced the attacks to a global network of compromised devices, with notable concentrations in Russia, Vietnam, Brazil, Spain and the United States. The threat actors behind the campaign used a variety of compromised hardware, including ASUS home routers, web servers, MikroTik systems and digital video recorders (DVRs). Cloudflare stated, "The high packet rate attacks appear to originate from multiple types of compromised devices, orchestrated to flood the target with exceptionally large volumes of traffic." The high bitrate attacks, on the other hand, appeared to stem from a large number of compromised ASUS home routers, likely leveraging a recently discovered critical vulnerability (CVSS score 9.8).
Despite the intensity of the campaign, Cloudflare autonomously mitigated every attempt, including a 65-second surge that peaked at 3.8 Tbps, the largest on record. The previous record was held by Microsoft, which mitigated a 3.47 Tbps DDoS attack against an Azure customer in Asia in November 2021. That attack originated from approximately 10,000 sources across multiple countries and lasted for 15 minutes, and was followed by two more significant assaults in December 2021.
Linux DDoS Vulnerability
In related security news, cloud computing firm Akamai highlighted potential new DDoS vectors arising from a series of vulnerabilities found in the Common Unix Printing System (CUPS) on Linux systems. Akamai identified over 58,000 vulnerable systems exposed to DDoS abuse through these CUPS flaws. Further testing showed that hundreds of these servers could be made to send repeated requests back to the attacker after receiving a single initial query, with some continuing indefinitely in response to HTTP 404 errors.
CUPS, widely used on Linux and Unix-like systems, includes a component called the cups-browsed daemon, which listens on UDP port 631 and searches for network printers. If enabled, this daemon allows remote connections to create new printers. Akamai warned that by exploiting vulnerabilities in cups-browsed (CVE-2024-47076, CVE-2024-47175 and CVE-2024-47177), attackers could create malicious PostScript Printer Description (PPD) printers. These could trick users into printing from them, which would then execute harmful commands embedded in the PPD file on the vulnerable machine.
While patches for these vulnerabilities are still under development, Red Hat has advised system administrators to disable the cups-browsed service and prevent it from starting at reboot to mitigate the risk. This temporary measure breaks the exploit chain and protects systems until comprehensive patches are available.
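The interim mitigation described above can be checked and applied with a short script. The following is an added example written for this article, not code published by Cloudflare, Akamai or Red Hat; it assumes a systemd-managed host with iproute2's `ss` available, and the function names are its own. Without arguments it only audits the host; with `--apply` (run as root) it stops `cups-browsed` and disables it so that it does not start at reboot, which is the Red Hat guidance quoted above.

```shell
#!/bin/sh
# Added example: audit a Linux host for a cups-browsed listener on UDP/631 and,
# on request, apply Red Hat's interim mitigation (stop the service, keep it from
# starting at boot). Assumes systemd and iproute2's `ss`; function names are this
# example's own and not part of any of the projects mentioned in the article.

# Return 0 (true) when the supplied `ss -ulnp` output contains a UDP socket bound
# to port 631 on any local address; the matching line's process column is printed.
cups_browsed_listening() {
    printf '%s\n' "$1" | awk '
        $1 == "UNCONN" && $4 ~ /:631$/ { found = 1; print "UDP/631 listener: " $4 " " $NF }
        END { exit !found }'
}

# Return 0 when the output of `systemctl is-enabled cups-browsed` says the unit
# will be started at boot.
cups_browsed_enabled_at_boot() {
    case "$1" in
        enabled|enabled-runtime) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample of `ss -ulnp` output (not captured from a real host), so the
# parser can be exercised offline.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0      0.0.0.0:631       0.0.0.0:*     users:(("cups-browsed",pid=812,fd=7))
UNCONN 0      0      127.0.0.53%lo:53  0.0.0.0:*     users:(("systemd-resolve",pid=600,fd=12))'

# Audit the live host; with --apply, also stop and disable the service (needs root).
main() {
    listener=1
    if cups_browsed_listening "$(ss -ulnp 2>/dev/null)"; then listener=0; fi
    enabled=1
    if cups_browsed_enabled_at_boot "$(systemctl is-enabled cups-browsed 2>/dev/null)"; then
        enabled=0
    fi

    if [ "$listener" -ne 0 ] && [ "$enabled" -ne 0 ]; then
        echo "cups-browsed is neither listening on UDP/631 nor enabled at boot"
        return 0
    fi
    if [ "$enabled" -eq 0 ]; then echo "cups-browsed is enabled to start at boot"; fi

    if [ "${1:-}" = "--apply" ]; then
        # The two commands Red Hat recommends as the interim mitigation.
        systemctl stop cups-browsed && systemctl disable cups-browsed \
            && echo "cups-browsed stopped and disabled"
    else
        echo "re-run with --apply (as root) to stop and disable cups-browsed"
    fi
}

main "$@"
```

The port check deliberately matches any local address ending in `:631` (IPv4, IPv6 or wildcard) rather than only the process name, because `ss -p` shows process names only when run with sufficient privileges; the service-enablement check covers the "prevent it from starting at reboot" half of the guidance, which a plain `systemctl stop` alone does not address.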
At PSP Outsourced IT, we understand the complexities and challenges that come with cybersecurity threats. With over 16 years of experience as one of the UK's leading digital transformation consultants and a team of 34 in-house IT experts, we are uniquely positioned to help your organisation prevent or navigate these challenges, so let's talk.