Cloudflare Defends Against Overwhelming 5.6 Tbps Mirai-Variant DDoS Assault

Cloudflare has successfully mitigated a staggering 5.6 terabits per second (Tbps) DDoS attack, setting a new record and underscoring the escalating threat posed by hyper-volumetric assaults. The incident, attributed to a botnet variant of Mirai, involved approximately 13,000 Internet of Things (IoT) devices and targeted an East Asian Internet Service Provider (ISP) on October 29, 2024. This unprecedented attack has brought to light the critical necessity for organizations to reassess and enhance their cybersecurity posture amid an increasingly hostile digital landscape.

In its recent DDoS Threat Report for the fourth quarter of 2024, Cloudflare outlines significant trends in DDoS attacks over the past year. The report highlights a notable increase in both the volume and intensity of attacks, noting a previous large-scale incident of 3.8 Tbps just weeks prior. The scale of the latest attack illustrates the advancing sophistication of cyber threats; despite its overwhelming size, it was mitigated within 80 seconds by Cloudflare’s autonomous defense systems.

The report further reveals a concerning rise in hyper-volumetric attacks exceeding 1 Tbps, with a 1,885% increase in their frequency quarter-over-quarter. Throughout 2024, Cloudflare recorded around 21.3 million DDoS attacks, averaging nearly 4,870 attacks every hour. Attacks surpassing 100 million packets per second (pps) also rose by 175%. Such high-bandwidth attacks pose serious challenges to traditional defense mechanisms.

A particularly alarming trend in Q4 2024 was the 78% quarter-over-quarter increase in Ransom DDoS attacks. Cybercriminals are increasingly weaponizing DDoS attacks as tools for extortion, targeting vulnerable businesses during high-traffic periods. This tactic underscores the necessity for organizations to not only deploy responsive measures but also formulate robust preventive strategies against such threats.

The report has cataloged various types of DDoS attacks, including Layer 3 and Layer 4 attacks, such as SYN floods and DNS floods, alongside the more common HTTP DDoS attacks. While established botnets were the primary source of these HTTP attacks, Cloudflare notes the emergence of new attack techniques involving spoofing legitimate browser signatures and employing non-standard HTTP attributes, indicating the evolving tactics of threat actors.

Geographically, Indonesia was identified as the leading source of DDoS activity, while Hong Kong, Singapore and China were notable targets. The industries most affected in Q4 were Telecommunications, Service Providers, and Carriers, indicating a preference for sectors that handle large-scale data transmission.

Despite the prevalence of smaller attacks, with 63% of HTTP DDoS incidents not exceeding 50,000 requests per second, the rise of novel attack vectors remains a significant concern. Dramatic increases in attacks utilizing Memcached and BitTorrent protocols, reported at 314% and 304% respectively, suggest that threat actors are continuously adapting to exploit emerging vulnerabilities.
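The vectors named above (SYN floods, DNS floods, HTTP request floods, and Memcached and BitTorrent reflection) can be told apart from the fields that most flow collectors already export. The following triage script is an added example for illustration; it is not Cloudflare's code and is not taken from the report. It assumes NetFlow-style records aggregated per source, destination, protocol and port pair, and the per-destination thresholds are illustrative assumptions, except that the 50,000 requests-per-second figure is the cut-off the report uses for "small" HTTP attacks. The sample records are constructed.

```python
from collections import defaultdict

# UDP services commonly abused as reflectors. Port numbers are the well-known
# service ports; assumption: a reflector answers from its service port.
REFLECTOR_PORTS = {
    11211: "memcached_reflection",
    6881: "bittorrent_reflection",
    53: "dns_reflection",
}

# Illustrative thresholds (assumptions, not values from the report, except
# RPS_THRESHOLD, which mirrors the report's 50,000 rps cut-off).
PPS_THRESHOLD = 1_000_000   # packets per second, per destination
RPS_THRESHOLD = 50_000      # HTTP requests per second, per destination


def bucket_flows(records):
    """Attribute each record's packets to a vector, grouped by destination."""
    per_dst = defaultdict(lambda: defaultdict(int))
    for r in records:
        counters = per_dst[r["dst"]]
        counters["total_packets"] += r["packets"]
        if r["proto"] == "tcp" and r.get("flags") == {"SYN"}:
            # Layer 4: SYN-only segments with no completed handshake.
            counters["syn_flood"] += r["packets"]
        elif r["proto"] == "udp" and r["dport"] == 53:
            # Layer 4: query flood aimed at a resolver or authoritative server.
            counters["dns_flood"] += r["packets"]
        elif r["proto"] == "udp" and r["sport"] in REFLECTOR_PORTS:
            # Layer 3/4: replies from a reflector to a spoofed victim address.
            counters[REFLECTOR_PORTS[r["sport"]]] += r["packets"]
        # Layer 7: request counts, if the collector exports them.
        counters["http_flood"] += r.get("http_requests", 0)
    return per_dst


def detect(records, window_seconds):
    """Return {dst: [(vector, rate), ...]} for destinations over threshold."""
    alerts = {}
    for dst, counters in bucket_flows(records).items():
        hits = []
        for vector, count in counters.items():
            if vector == "total_packets":
                continue
            rate = count / window_seconds
            limit = RPS_THRESHOLD if vector == "http_flood" else PPS_THRESHOLD
            if rate >= limit:
                hits.append((vector, rate))
        if hits:
            alerts[dst] = sorted(hits, key=lambda h: h[1], reverse=True)
    return alerts


# Constructed sample: one 10-second window, four destinations.
WINDOW_SECONDS = 10
SAMPLE = [
    # SYN flood: 15M SYN-only packets in 10 s -> 1.5M pps.
    {"src": "203.0.113.5", "dst": "198.51.100.10", "proto": "tcp",
     "sport": 40000, "dport": 443, "flags": {"SYN"}, "packets": 15_000_000},
    # Normal handshake traffic to the same host, not counted as a flood.
    {"src": "192.0.2.77", "dst": "198.51.100.10", "proto": "tcp",
     "sport": 40001, "dport": 443, "flags": {"SYN", "ACK"}, "packets": 2_000},
    # Memcached reflection: replies from UDP/11211 -> 1.2M pps.
    {"src": "203.0.113.9", "dst": "198.51.100.20", "proto": "udp",
     "sport": 11211, "dport": 5555, "packets": 12_000_000},
    # Ordinary DNS queries to a resolver: 800 pps, below threshold.
    {"src": "192.0.2.1", "dst": "198.51.100.30", "proto": "udp",
     "sport": 55000, "dport": 53, "packets": 8_000},
    # HTTP request flood: 600k requests in 10 s -> 60k rps, low packet rate.
    {"src": "192.0.2.50", "dst": "198.51.100.40", "proto": "tcp",
     "sport": 5000, "dport": 443, "flags": {"ACK", "PSH"},
     "packets": 900_000, "http_requests": 600_000},
]

if __name__ == "__main__":
    for dst, hits in detect(SAMPLE, WINDOW_SECONDS).items():
        for vector, rate in hits:
            print(f"{dst}: {vector} at {rate:,.0f}/s")
```

Only the first three vectors fire on the sample; the resolver at 198.51.100.30 stays quiet because its query rate is three orders of magnitude below the packet threshold, and the HTTP flood is caught on request rate even though its packet rate would never trip a Layer 4 rule. In practice the thresholds would be set per destination from observed baselines rather than as global constants.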

In consideration of these trends, Cloudflare’s report calls for organizations to adopt proactive DDoS mitigation strategies. It emphasizes the importance of understanding the evolving landscape of DDoS threats and investing in robust solutions to effectively counter the unprecedented scale and complexity of contemporary cyber attacks. This ongoing dialogue on cybersecurity is crucial for business owners who must navigate these multifaceted risks.

Within the context of the MITRE ATT&CK framework, tactics such as initial access may have been employed to compromise the IoT devices used in the recent attack, while techniques for privilege escalation and lateral movement could explain the remarkable coordination of the botnet. As cyber threats continue to evolve, staying informed and prepared is essential for safeguarding today’s digital infrastructure.
