Cloudflare Mitigates Massive 5.6 Tbps Mirai-Variant DDoS Attack

Cloudflare mitigates a record-breaking 5.6 Tbps DDoS attack, highlighting the growing threat of hyper-volumetric assaults. Learn about the latest DDoS trends and the growing need to strengthen the security posture of your organization.

In its latest research report, Cloudflare reveals Distributed Denial-of-Service attack (DDoS attack) trends observed in the fourth quarter of 2024, drawing comparisons to previous quarters and the entire year.

The Cloudflare DDoS Threat Report for Q4 2024 highlights a significant surge in both the volume and intensity of DDoS attacks observed throughout the year. Cloudflare revealed that it successfully mitigated a record-breaking 5.6 terabits per second (Tbps) DDoS attack launched by a Mirai-variant botnet in the fourth quarter of 2024 comprising 13,000 IoT devices. The attack targeted an East Asian Internet Service Provider (ISP) on October 29th.

Previously, Cloudflare mitigated a 3.8 Tbps DDoS attack in October 2024. The latest unprecedented attack, which lasted only 80 seconds and was promptly mitigated by Cloudflare’s autonomous defence systems, highlights the escalating sophistication and scale of DDoS threats.

Furthermore, the report reveals a dramatic increase in hyper-volumetric attacks exceeding 1 Tbps. Cloudflare’s report revealed a whopping 53% increase in the frequency of DDoS attacks throughout 2024, with the company blocking approximately 21.3 million attacks – an average of 4,870 attacks per hour. Attacks exceeding 1Tbps surged by a staggering 1,885% quarter-over-quarter, while those exceeding 100 million packets per second (pps) increased by 175%. These high-bandwidth attacks overwhelm conventional defences.

The fourth quarter also witnessed a disturbing trend: a 78% quarter-over-quarter increase in Ransom DDoS attacks. Cybercriminals are increasingly leveraging DDoS attacks as a tool for extortion, targeting businesses during peak seasons.

Cloudflare identified the prevalence of various attack types, including Layer 3/Layer 4 attacks (such as SYN floods, DNS floods, and UDP floods) and HTTP DDoS attacks. While known botnets were the primary source of HTTP attacks, Cloudflare documented attacks employing techniques such as spoofing legitimate browsers and utilizing unusual HTTP attributes.

Regarding the geographical distribution of attacks, Indonesia emerged as the leading source, followed by Hong Kong Singapore and China being the most attacked country. The analysis further identified the most impacted industries, pointing out the Telecommunications, Service Providers, and Carriers sectors as the primary target in Q4.

While the majority of attacks remained relatively small, with 63% of HTTP DDoS attacks not exceeding 50,000 requests per second and 93% of network-layer attacks not exceeding 500 Mbps, the emergence of new attack vectors presents a significant concern. Cloudflare observed a substantial increase in Memcached (314%) and BitTorrent (304%) DDoS attacks, highlighting the adaptability of threat actors in exploiting new vulnerabilities.

Cloudflare’s report emphasises the necessity of proactive DDoS protection strategies and the need for organizations to understand the evolving nature of DDoS threats and invest in solutions to effectively mitigate unprecedented scale and complexity attacks.

1. The Mirai Botnet: what it is and What it has done
2. Matrix Hackers Deploy New IoT Botnet for DDoS Attacks
3. Mirai-Inspired Gorilla Botnet Hits Targets in 100 Countries
4. Mirai-based NoaBot Botnet Hits Linux Systems with Cryptominer
5. Panamorfi DDoS Attack Exploits Misconfigured Jupyter Notebooks