Cloudflare, a supplier of security and online performance services, claims to have detected and mitigated the world’s largest volumetric distributed denial-of-service (DDoS) attack, which peaked at 17.2 million requests per second (RPS).
The attack was almost three times larger than any prior volumetric DDoS attack, and was equivalent to 68 percent of Cloudflare’s daily average of 25 million HTTP requests per second of legitimate traffic during the second quarter of the year. It reached a total of more than 330 million attack requests in a matter of seconds.
The attack was initiated by a Mirai-like botnet, which had over 20,000 bots in 125 countries issuing attack requests and was aimed at a financial institution. Indonesia accounted for about 15% of the traffic, while India and Brazil combined accounted for another 17%.
The botnet appears to have lost about 2,000 of its 30,000 bots, according to Cloudflare, but it is still capable of generating massive traffic surges in short periods of time (seconds).
The same botnet was utilised last week to perform an HTTP DDoS attack with a peak of around 8 million RPS. Another Mirai-variant botnet was responsible for “over a dozen UDP and TCP based DDoS operations that peaked many times above 1 Tbps, with a max peak of roughly 1.2 Tbps” two weeks ago, according to Cloudflare.
The number of Mirai-based DDoS attacks has climbed dramatically in recent weeks, according to the security services provider. L3/4 attacks climbed by 88 percent in July, while L7 attacks increased by 9%. The company forecasts a 71 percent increase in L3/4 Mirai attacks and a 185 percent increase in L7 DDoS attacks by the end of August.
Mirai was first discovered in 2016 and was designed to attack Internet of Things (IoT) devices like CCTV cameras. Since then, other botnet variants have emerged, expanding the botnet’s target list to include Linux routers and servers, Android devices, and more.
While the malware’s earliest variants spread via unsecured Telnet ports 23 and 2323, brute-forcing known credentials like default usernames and passwords, newer versions also target publicly disclosed vulnerabilities in IoT devices.
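The Telnet brute-forcing described above leaves a recognisable trace in connection logs: one source producing a burst of failed logins on ports 23 and 2323. The detector below is an added example, not code from Cloudflare or the original article; the log format, field and event names, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}  # the ports named in the article
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) event=(?P<event>\S+)"
)

# Constructed sample lines in a hypothetical firewall/honeypot log format.
SAMPLE_LOG = """\
2021-08-20T10:00:00 src=203.0.113.5 dst=10.0.0.11 dport=23 event=login_failed
2021-08-20T10:00:02 src=203.0.113.5 dst=10.0.0.12 dport=2323 event=login_failed
2021-08-20T10:00:03 src=198.51.100.7 dst=10.0.0.11 dport=443 event=connect
2021-08-20T10:00:04 src=203.0.113.5 dst=10.0.0.13 dport=23 event=login_failed
2021-08-20T10:00:05 src=203.0.113.5 dst=10.0.0.13 dport=23 event=login_ok
2021-08-20T10:05:00 src=198.51.100.9 dst=10.0.0.11 dport=23 event=login_failed
2021-08-20T10:20:00 src=198.51.100.9 dst=10.0.0.11 dport=23 event=login_failed
malformed line that the parser must skip
"""

def detect_telnet_bruteforce(log_text, window_s=60, min_failures=3):
    """Return {src: {"failures": n, "targets": set, "compromised": set}} for
    sources with >= min_failures failed Telnet logins inside window_s seconds."""
    recent = defaultdict(deque)          # src -> deque of (timestamp, dst) failures
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["dport"]) not in TELNET_PORTS:
            continue                     # skip malformed lines and non-Telnet traffic
        ts, src, dst = datetime.fromisoformat(m["ts"]), m["src"], m["dst"]
        if m["event"] == "login_failed":
            q = recent[src]
            q.append((ts, dst))
            while ts - q[0][0] > timedelta(seconds=window_s):
                q.popleft()              # drop failures that fell out of the window
            if len(q) >= min_failures:
                hit = flagged.setdefault(src, {"failures": 0, "targets": set(), "compromised": set()})
                hit["failures"] = max(hit["failures"], len(q))
                hit["targets"].update(d for _, d in q)
        elif m["event"] == "login_ok" and src in flagged:
            # Success after a burst of failures: that device likely has a guessable login.
            flagged[src]["compromised"].add(dst)
    return flagged

if __name__ == "__main__":
    for src, hit in detect_telnet_bruteforce(SAMPLE_LOG).items():
        print(src, hit["failures"], sorted(hit["targets"]), sorted(hit["compromised"]))
```

A device listed under "compromised" accepted a login right after the burst, so it should be isolated, given new credentials and have Telnet disabled.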