Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest attack reported to date.

The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated from a Mirai-variant botnet.

“The attack lasted only 80 seconds and originated from over 13,000 IoT devices,” Cloudflare’s Omer Yoachimik and Jorge Pacheco said in a report.

That said, the average number of unique source IP addresses observed per second was 5,500, and each IP address contributed around 1 Gbps per second on average.

The previous record for the largest volumetric DDoS assault, which peaked at 3.8 Tbps, was also reported by Cloudflare in October 2024.

Cloudflare also revealed it blocked approximately 21.3 million DDoS attacks in 2024, a 53% increase from 2023, and that the number of attacks exceeding 1 Tbps grew by 1,885% quarter-over-quarter. In the fourth quarter of 2024 alone, as many as 6.9 million DDoS attacks were mitigated.

Some of the other notable statistics observed during Q4 2024 are listed below:

Known DDoS botnets accounted for 72.6% of all HTTP DDoS attacks
The top three most common Layer 3/Layer 4 (network layer) attack vectors were SYN floods (38%), DNS flood attacks (16%), and UDP floods (14%)
Memcached DDoS attacks, BitTorrent DDoS attacks, and ransom DDoS attacks witnessed a 314%, 304%, and 78% QoQ increase, respectively
About 72% of HTTP DDoS attacks and 91% of network layer DDoS attacks end in under ten minutes
Indonesia, Hong Kong, Singapore, Ukraine, and Argentina were the largest sources of DDoS attacks
China, the Philippines, Taiwan, Hong Kong, and Germany were the most attacked countries
Telecommunications, internet, marketing, information technology, and gambling were the most attacked sectors

The development comes as cybersecurity companies Qualys and Trend Micro revealed that offshoots of the notorious Mirai botnet malware are targeting Internet of Things (IoT) devices by exploiting known security flaws and weak credentials to use them as conduits for DDoS attacks.

The Hacker News
