- Cloudflare says it blocked a 5.6 Tbps DDoS attack in October 2024
- The attack came from a Mirai botnet.
- It included 13,000 IPs and lasted 80 seconds.
Cloudflare said it recently blocked the largest distributed denial of service (DDoS) attack ever recorded.
In a blog post, the company said that in late October 2024, its defense mechanisms blocked a 5.6 Tbps UDP (User Datagram Protocol) DDoS attack. To put things into perspective, the (now) second largest DDoS attack in history was 3.8 Tbps, also blocked by Cloudflare, also in October 2024.
The company said the attack was launched by a Mirai variant botnet and targeted an Internet service provider (ISP) in East Asia.
Shorter but more violent
The attack was said to last just over a minute (80 seconds) and involved more than 13,000 Internet of Things (IoT) devices.
As attackers change their strategies to better adapt to a changing DDoS threat landscape, attacks have generally become shorter but more intense and frequent.
Despite its destructive potential, the attack caused no damage, Cloudflare said, as both detection and mitigation were completely autonomous.
“It required no human intervention, did not trigger any alerts, and did not cause any performance degradation,” Cloudflare said. “The systems worked as intended.”
The researchers also emphasized that while the total number of unique source IP addresses was around 13,000, the average number of unique source IP addresses per second was 5,500. Each of the 13,000 IP addresses contributed less than 8 Gbps per second, while the average contribution of each IP address per second was around 1 Gbps (~0.012% of 5.6 Tbps).
Mirai is one of the most infamous botnets out there. Its source code was leaked in 2017, after which different threat actors started creating their own variants. Nowadays, Mirai and its variants often make headlines, targeting different organizations with large-scale DDoS attacks. Just this week, security researchers observed two variants, ‘gayfemboy’ and ‘Murdoc Botnet’.
