Security
Headlines
HeadlinesLatestCVEs

Headline

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (

The Hacker News
#vulnerability#web#microsoft#linux#ddos#dos#git#botnet#asus#The Hacker News

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds.

The web infrastructure and security company said it fended off “over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (Tbps).”

The hyper-volumetric L3/4 DDoS attacks have been ongoing since early September 2024, it noted, adding they targeted multiple customers in the financial services, Internet, and telecommunication industries. The activity has not been attributed to any specific threat actor.

The previous record for the largest volumetric DDoS attack hit a peak throughput of 3.47 Tbps in November 2021, targeting an unnamed Microsoft Azure customer in Asia.

The attacks leverage the User Datagram Protocol (UDP) protocol on a fixed port, with the flood of packets originating from Vietnam, Russia, Brazil, Spain, and the U.S. These include compromised MikroTik devices, DVRs, and web servers.

Cloudflare said that the high bitrate attacks are likely emanating from a large botnet comprising infected ASUS home routers that are exploited using a recently disclosed critical flaw (CVE-2024-3080, CVSS score: 9.8).

According to statistics shared by attack surface management firm Censys, a little over 157,000 ASUS router models were potentially affected by the vulnerability as of June 21, 2024. A majority of these devices are located in the U.S., Hong Kong, and China.

The end goal of the campaign, per Cloudflare, is to exhaust that target’s network bandwidth as well as CPU cycles, thereby preventing legitimate users from accessing the service.

“To defend against high packet rate attacks, you need to be able to inspect and discard the bad packets using as few CPU cycles as possible, leaving enough CPU to process the good packets,” the company said.

“Many cloud services with insufficient capacity, as well as the use of on-premise equipment, are not sufficient to defend against DDoS attacks of this size, since the high bandwidth utilization that can clog up Internet links and due to the high packet rate that can crash in-line appliances.”

Banking, financial services, and public utilities are a hot target for DDoS attacks, having experienced a 55% spike over the past four years, per network performance monitoring company NETSCOUT. In the first half of 2024 alone, there has been a 30% increase in volumetric attacks.

The surge in frequency of DDoS attacks, primarily due to hacktivist activities targeting global organizations and industries, have also been coupled by the use of DNS-over-HTTPS (DoH) for command-and-control (C2) in an effort to make detection challenging.

“The trend of implementing a distributed botnet C2 infrastructure, leveraging bots as control nodes, further complicates defense efforts because it’s not just the inbound DDoS activity but also the outbound activity of bot-infected systems that need to be triaged and blocked,” NETSCOUT said.

The development comes as Akamai revealed that the recently disclosed Common UNIX Printing System (CUPS) vulnerabilities in Linux could be a viable vector for mounting DDoS attacks with a 600x amplification factor in mere seconds.

The company’s analysis found that more than 58,000 (34%) out of the roughly 198,000 devices that are accessible on the public internet could be enlisted for conducting DDoS attacks.

“The problem arises when an attacker sends a crafted packet specifying the address of a target as a printer to be added,” researchers Larry Cashdollar, Kyle Lefton, and Chad Seaman said.

“For each packet sent, the vulnerable CUPS server will generate a larger and partially attacker-controlled IPP/HTTP request directed at the specified target. As a result, not only is the target affected, but the host of the CUPS server also becomes a victim, as the attack consumes its network bandwidth and CPU resources.”

It’s estimated that there are about 7,171 hosts that have CUPS services exposed over TCP and are vulnerable to CVE-2024-47176, Censys said, calling it an underestimate owing to the fact that “more CUPS services seem to be accessible over UDP than TCP.”

Organizations are advised to consider removing CUPS if printing functionality isn’t necessary and firewall the service ports (UDP/631) in cases where they’re accessible from the broader internet.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Ubuntu Security Notice USN-7042-3

Ubuntu Security Notice 7042-3 - USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

Ubuntu Security Notice USN-7043-4

Ubuntu Security Notice 7043-4 - USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

Ubuntu Security Notice USN-7042-2

Ubuntu Security Notice 7042-2 - USN-7042-1 fixed a vulnerability in cups-browsed. This update improves the fix by removing support for the legacy CUPS printer discovery protocol entirely. Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

Ubuntu Security Notice USN-7043-3

Ubuntu Security Notice 7043-3 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

Unix Printing Vulnerabilities Enable Easy DDoS Attacks

All an attacker needs to exploit flaws in the Common Unix Printing System is a few seconds and less than 1 cent in computing costs.

Decade-Old Linux Vulnerability Can Be Exploited for DDoS Attacks on CUPS

This article explores the Linux vulnerability discovered by Simone Margaritelli, which, according to cybersecurity companies Uptycs and Akamai,…

Ubuntu Security Notice USN-7043-2

Ubuntu Security Notice 7043-2 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

Debian Security Advisory 5778-1

Debian Linux Security Advisory 5778-1 - Simone Margaritelli reported several vulnerabilities in cups-filters. Missing validation of IPP attributes returned from an IPP server and multiple bugs in the cups-browsed component can result in the execution of arbitrary commands without authentication when a print job is started.

Ubuntu Security Notice USN-7043-1

Ubuntu Security Notice 7043-1 - Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

Ubuntu Security Notice USN-7042-1

Ubuntu Security Notice 7042-1 - Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print

Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177

TL;DR: All versions of Red Hat Enterprise Linux (RHEL) are affected by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177, but are not vulnerable in their default configurations.Red Hat has been made aware of a group of vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177) within OpenPrinting CUPS, an open source printing system that is prevalent in most modern Linux distributions, including RHEL. Specifically, CUPS provides tools to manage, discover and share printers for Linux distributions. By chaining this group of vulnerabilities together, an a

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device,"