Cloudflare Resisting Massive L3/4 DDoS Attack for a Whole Month

TapTechNews October 2nd news, Cloudflare stated today that its DDoS protection system has been resisting an extremely large-scale L3/4 DDoS attack since the beginning of September.

This attack has lasted for a whole month, including more than one hundred extremely large-scale attacks, among which the largest attack reached 3.8 Terabits per second (Tb/s) (about 460 Gigabytes per second (GB/s)), which is the largest publicly disclosed attack so far.

TapTechNews note: The purpose of a DDoS attack is to deny legitimate users access to services, and the main means is to deplete the resources required to provide services, including CPU resources and network bandwidth. The attacker needs to obtain or control a large number of devices (botnets) to generate the attack.

Cloudflare said that these attacks mainly utilize UDP on fixed ports and originate from various parts of the world. A relatively large amount of data comes from Vietnam, Russia, Brazil, Spain, and the United States.

This attack campaign is aimed at multiple customers in industries such as financial services, the Internet, and telecommunications. The goal of this attack campaign is bandwidth saturation and the depletion of resources of online applications and devices. High packet rate attacks seem to originate from multiple types of infected devices, including MikroTik devices, DVRs, and web servers, which work together to send a large amount of traffic to the target. High bit rate attacks seem to originate from a large number of infected ASUS home routers, possibly exploiting the recently discovered CVE-9.8 (severe) vulnerability by Censys.