Cloudflare has successfully stopped a 3.8 terabit-per-second Distributed Denial of Service (DDoS) attack, marking the largest one publicly disclosed so far. Attacks were handled by Cloudflare’s systems without any human intervention, reflecting the strength of its autonomous defense technologies.
The massive event comes as part of a broader, sustained campaign that the company has been dealing with since early September. Over the past month, Cloudflare has mitigated over 100 hyper-volumetric attacks, many exceeding 2 billion packets per second. Attacks of this nature aim to overwhelm network resources, disrupting services for end users by exhausting bandwidth and CPU cycles.
A Spike in Attack Scale
The ongoing cyberattacks have affected multiple industries, including financial services, internet providers, and telecoms. One of the most striking aspects of the recent campaign has been the size and intensity of the traffic, with attackers targeting both network infrastructure and application resources.
The largest attack, recorded at 3.8 Tbps, highlights the increasing sophistication of such threats, although the DDoS was neutralized within seconds, according to data published by Cloudflare.
The origins of these DDoS attacks are varied, with a considerable number of compromised devices being used as part of a botnet to flood targets with malicious traffic. Devices range from MikroTik routers and DVRs to ASUS home routers, which were exploited through a critical vulnerability discovered earlier this year. A large portion of the attack traffic has been traced to countries like Russia, Vietnam, Brazil, and the United States.
Attacks primarily use UDP packets, which are sent at high volumes to overwhelm network infrastructure. These packets are designed to exploit the vulnerabilities in networking hardware, causing services to slow or go offline entirely.
How Cloudflare Handled the Threat
Cloudflare’s defenses rely on its anycast network, which spreads traffic across numerous data centers worldwide. This distribution prevents the attack from overwhelming any single point in the system. Incoming traffic is routed to the nearest data center, which processes the data, filtering out malicious packets before they reach their intended destination.
The core of Cloudflare’s defense system is powered by real-time traffic analysis using technologies like XDP (eXpress Data Path) and eBPF (extended Berkeley Packet Filter). Both systems monitor incoming data, identifying attack patterns and blocking suspicious traffic at the network interface level, reducing the load on CPUs and ensuring that legitimate traffic isn’t disrupted.
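To make the drop-at-the-interface idea concrete, here is an added example (not Cloudflare's code) of the per-packet decision such a filter makes, written as plain user-space C rather than a loadable XDP program. The rule layout, the port 40000, the 3 packets-per-second threshold and all function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum verdict { VERDICT_PASS = 0, VERDICT_DROP = 1 };

/* Hypothetical rule: UDP to dst_port is dropped once more than max_pps
 * matching packets have arrived inside the current one-second window. */
struct udp_rule { uint16_t dst_port; uint32_t max_pps; uint64_t window_ns; uint32_t seen; };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* UDP destination port of an Ethernet/IPv4 frame, or -1 if the frame is not
 * a complete, unfragmented IPv4/UDP packet. Every read is length-checked
 * first, the same discipline the eBPF verifier enforces on XDP programs. */
int udp_dst_port(const uint8_t *pkt, size_t len)
{
    if (len < 14 + 20 || rd16(pkt + 12) != 0x0800) return -1; /* IPv4 only */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return -1; /* 17 = UDP */
    if (rd16(ip + 6) & 0x1fff) return -1;      /* later fragment: no UDP header */
    if (len < 14 + ihl + 8) return -1;         /* truncated UDP header */
    return rd16(ip + ihl + 2);
}

enum verdict filter_packet(struct udp_rule *r, const uint8_t *pkt, size_t len, uint64_t now_ns)
{
    int port = udp_dst_port(pkt, len);
    if (port != r->dst_port) return VERDICT_PASS;   /* no rule match: pass up the stack */
    if (now_ns - r->window_ns >= 1000000000ULL) { r->window_ns = now_ns; r->seen = 0; }
    return ++r->seen > r->max_pps ? VERDICT_DROP : VERDICT_PASS;
}

/* Constructed sample frame: zeroed MACs and addresses, UDP header with no payload. */
size_t build_udp_frame(uint8_t *buf, uint16_t dst_port)
{
    memset(buf, 0, 42);
    buf[12] = 0x08; buf[13] = 0x00;            /* EtherType IPv4 */
    buf[14] = 0x45; buf[23] = 17;              /* version 4, IHL 5, protocol UDP */
    buf[36] = (uint8_t)(dst_port >> 8); buf[37] = (uint8_t)dst_port;
    return 42;
}

int main(void)
{
    uint8_t f[64]; struct udp_rule r = { 40000, 3, 0, 0 };
    size_t n = build_udp_frame(f, 40000);
    for (int i = 0; i < 5; i++)                 /* five packets in the same window */
        printf("pkt %d -> %s\n", i, filter_packet(&r, f, n, 1000) ? "DROP" : "PASS");
    return 0;
}
```

Frames the parser cannot classify are passed rather than dropped, so a malformed or non-UDP packet never counts against the rule.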
Automated Protection for Cloudflare Customers
Customers using Cloudflare’s services, such as its web application firewall (WAF) or content delivery network (CDN), benefit from automatic protection against these kinds of attacks. Cloudflare’s Spectrum and Magic Transit services also offer additional protection for non-HTTP traffic.
The defenses kick in as soon as an attack is detected, with no need for manual intervention. For customers who are not using Cloudflare’s systems, such attacks can lead to significant outages and service degradation, especially when on-premise equipment or less resilient cloud infrastructure is involved.
Last Updated on November 7, 2024 2:40 pm CET