Gcore Successfully Halts a Massive 650 Gbps DDoS Attack Targeting Free Plan Client

Gcore Fends Off Massive DDoS Attack Targeting Client’s CDN Infrastructure

In early January, Gcore mitigated a significant cyber assault consisting of multiple Layer 3 and Layer 4 Distributed Denial-of-Service (DDoS) attacks that peaked at a record 650 Gbps. The attackers leveraged more than 2,000 servers belonging to one of the world's leading cloud service providers and targeted a client on a free Content Delivery Network (CDN) plan. Thanks to Gcore's robust infrastructure and numerous peering partnerships, the attacks were neutralized and the client's web application remained online.

The gravity of these attacks lies not only in their unprecedented volume but also in how they were executed. Volume-based DDoS attacks aim to saturate the target's bandwidth, and this incident was 60 times the average intensity of similar attacks, reaching levels rarely seen in practice. While most attacks in this category hover around 10 Gbps, the 650 Gbps reached here is noteworthy and invites comparison with other high-profile attacks, such as the 2.4 Tbps attack on a prominent Minecraft server.

The targeted client, operating on a standard CDN plan without enhanced DDoS protection, faced the brunt of the malicious traffic. However, Gcore’s advanced CDN infrastructure is designed to filter out harmful packets and manage the effects of such attacks. Effective traffic management means that even free plan users can benefit from substantial protection against DDoS attempts.

The incident itself lasted roughly 15 minutes and comprised three distinct attacks. The primary assault, a UDP flood, consumed bandwidth by bombarding the target with millions of unsolicited packets. A second vector was a TCP ACK flood, which forces the server to process large numbers of empty ACK packets, draining its resources. A final hybrid attack combined TCP and UDP traffic, compounding the disruption.
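The three vectors described above can be told apart from per-destination flow statistics. The following is an added illustration, not Gcore's code: a small Python classifier over constructed NetFlow-style records (all addresses, packet counts and the 100,000 pps threshold are assumed) that labels a destination as UDP flood, TCP ACK flood or hybrid, and reports the distinct-source count and Gbps for the window.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Flow:
    """One aggregated flow record (NetFlow/IPFIX-style) for a fixed time window."""
    src: str
    dst: str
    proto: str          # "udp" or "tcp"
    flags: frozenset    # TCP flags seen, e.g. frozenset({"A"}); empty for UDP
    pkts: int
    bytes: int

def is_ack_only(f):
    """Bare ACKs: only the ACK flag set and header-sized packets (no payload)."""
    return f.proto == "tcp" and f.flags == frozenset({"A"}) and f.bytes // max(f.pkts, 1) <= 60

def classify(flows, window_s, pps_threshold=100_000):
    """Label each destination as normal, udp_flood, tcp_ack_flood or hybrid."""
    stats = defaultdict(lambda: {"udp": 0, "ack": 0, "bits": 0, "srcs": set()})
    for f in flows:
        s = stats[f.dst]
        s["bits"] += f.bytes * 8
        s["srcs"].add(f.src)
        if f.proto == "udp":
            s["udp"] += f.pkts
        elif is_ack_only(f):
            s["ack"] += f.pkts
    verdicts = {}
    for dst, s in stats.items():
        # a vector counts when its packet rate over the window exceeds the threshold
        vectors = [name for name, key in (("udp_flood", "udp"), ("tcp_ack_flood", "ack"))
                   if s[key] / window_s > pps_threshold]
        label = "hybrid" if len(vectors) == 2 else (vectors[0] if vectors else "normal")
        verdicts[dst] = {"label": label, "sources": len(s["srcs"]),
                         "gbps": round(s["bits"] / window_s / 1e9, 3)}
    return verdicts

def sample_flows():
    """Constructed 10 s window: 2,000 sources hit one host with UDP and bare ACKs."""
    flows = []
    for i in range(2000):
        src = f"10.0.{i // 256}.{i % 256}"   # constructed attacker addresses
        flows.append(Flow(src, "203.0.113.10", "udp", frozenset(), 1000, 1_200_000))
        flows.append(Flow(src, "203.0.113.10", "tcp", frozenset({"A"}), 800, 32_000))
    # ordinary web traffic to a second host: ACKs carrying payload (PSH set)
    flows.append(Flow("192.0.2.5", "203.0.113.20", "tcp", frozenset({"A", "P"}), 50, 30_000))
    return flows

if __name__ == "__main__":
    for dst, verdict in classify(sample_flows(), window_s=10).items():
        print(dst, verdict)
```

In a real deployment the threshold would be set per destination from a baseline rather than a fixed constant, and the same aggregation can be fed from a collector's exported flows.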

A crucial aspect that aided Gcore’s defense was its extensive connectivity and peering arrangements with over 11,000 partners. These partnerships facilitate direct traffic absorption, bypassing the public internet and allowing for more efficient handling of DDoS traffic. During the attack, Gcore effectively routed the overwhelming majority of the malicious traffic through private connections with the cloud provider, significantly alleviating the pressure on public internet infrastructure and enhancing detection and filtering capabilities.

Additionally, Gcore’s large-scale deployment of more than 500 servers across multiple data centers contributed to its resilience. With a network capacity exceeding 110 Tbps, the company is well-equipped to handle extensive DDoS assaults. Even with traffic reaching 650 Gbps, the inherent architecture distributed the load across the network, minimizing the strain on individual servers.

As these cyber threats evolve, data indicates a troubling trend: DDoS attacks continue to rise in frequency and intensity. Gcore has reported that attacks escalated from 300 Gbps in 2021 to 700 Gbps in 2022. This surge underlines the critical need for businesses, especially small and medium-sized enterprises, to adopt distributed CDN services to safeguard against increasingly sophisticated DDoS threats.

This incident not only highlights the capabilities of Gcore's infrastructure but also serves as a stark reminder of the ever-present vulnerabilities businesses face in the cybersecurity landscape. Understanding these threats enables organizations to prepare better and implement adequate protective measures. The complexity of these attacks suggests that adversary tactics, aligned with techniques outlined in the MITRE ATT&CK framework, may include initial access, traffic manipulation, and resource exhaustion, among others. Businesses must remain vigilant and proactive in defending their digital assets against such challenges.
