In a remarkable demonstration of its capabilities, Cloudflare has announced the successful mitigation of a staggering distributed denial-of-service (DDoS) attack that reached an unprecedented peak of 3.8 terabits per second (Tbps) and lasted for 65 seconds. This incident marks the largest DDoS attack on record, showcasing the escalating challenges faced by online services.
A Surge of Hyper-Volumetric Attacks
Cloudflare revealed that throughout September 2024, the company thwarted over one hundred hyper-volumetric L3/4 DDoS attacks, many of which surpassed 2 billion packets per second (Bpps) and 3 Tbps. These aggressive attacks primarily targeted sectors including financial services, telecommunications, and the Internet. Notably, the origin of these attacks has not been linked to any specific threat actor.
The previous record for the largest volumetric DDoS attack was set in November 2021, reaching 3.47 Tbps against an unnamed Microsoft Azure client in Asia. The surge in attacks signifies a concerning trend as cybercriminals leverage increasingly sophisticated techniques.
The Mechanics Behind the Attack
The recent attacks utilized the User Datagram Protocol (UDP) on fixed ports, with a massive influx of packets originating from countries such as Vietnam, Russia, Brazil, Spain, and the United States. Compromised devices, including MikroTik routers, DVRs, and web servers, were instrumental in launching this deluge of traffic.
Cloudflare suspects that these high-bit-rate attacks are largely powered by a substantial botnet comprising infected ASUS home routers. These routers are reportedly exploited through a recently discovered critical vulnerability (CVE-2024-3080), which carries a CVSS score of 9.8.
Statistics from attack surface management firm Censys indicate that over 157,000 ASUS router models may be affected by this vulnerability, with a significant number located in the United States, Hong Kong, and China.
The Goal of DDoS Campaigns
According to Cloudflare, the primary objective of such campaigns is to exhaust the target’s network bandwidth and CPU resources, thereby preventing legitimate users from accessing essential services. “To counteract high packet rate attacks, organizations must efficiently inspect and discard malicious packets while conserving CPU resources to process legitimate traffic,” the company explained.
Many cloud services and on-premises equipment may lack the capacity to effectively defend against DDoS attacks of this magnitude, risking high bandwidth consumption that can saturate Internet links.
The Rising Threat to Key Industries
Sectors such as banking, financial services, and public utilities have increasingly become prime targets for DDoS attacks, experiencing a staggering 55% increase over the past four years, according to network performance monitoring firm NETSCOUT. Notably, in the first half of 2024 alone, volumetric attacks have surged by 30%.
The uptick in DDoS incidents is partly attributed to hacktivist activities aimed at disrupting global organizations. Additionally, attackers are employing DNS-over-HTTPS (DoH) for command-and-control (C2) functions, complicating detection and mitigation efforts.
NETSCOUT highlighted the complexities posed by a distributed botnet C2 infrastructure, stating, “It’s not only about inbound DDoS activity; we must also address the outbound traffic from infected systems that needs to be filtered and blocked.”
New Vulnerabilities Introduced
In a related development, Akamai has identified vulnerabilities within the Common UNIX Printing System (CUPS) in Linux, which could serve as an effective vector for executing DDoS attacks with a potential 600x amplification factor. Their analysis uncovered that over 58,000 devices—approximately 34% of the nearly 198,000 publicly accessible CUPS devices—could be weaponized for DDoS purposes.
Akamai researchers explained, “When an attacker sends a crafted packet indicating a target’s address to be added as a printer, the vulnerable CUPS server will produce a larger, partially attacker-controlled IPP/HTTP request aimed at the specified target. This not only impacts the target but also drains the bandwidth and CPU resources of the CUPS server host.”
Current estimates suggest around 7,171 hosts running CUPS services over TCP are vulnerable to CVE-2024-47176, although this number may be conservative due to potentially greater exposure over UDP.
Recommendations for Organizations
In light of these developments, organizations are urged to consider disabling CUPS services if printing capabilities are not essential. Additionally, firewalling service ports (UDP/631) is recommended for any CUPS services accessible from the broader internet to enhance security and mitigate potential DDoS threats.
As DDoS attacks continue to evolve, proactive measures and robust cybersecurity strategies are vital for protecting critical online services and infrastructure.