
How OVHcloud Mitigated A Record-Breaking DDoS Attack

OVHcloud, a well-known cloud provider, claimed that it successfully handled a record-breaking DDoS attack with a packet rate of 840 million packets per second (Mpps). According to Akamai, this beats the previous record of 809 Mpps, set in June 2020 against a large European bank.

Packet rate DDoS attacks aim to overwhelm the packet-processing engines of networking devices near the target, effectively taking down infrastructure such as anti-DDoS systems. According to the cloud provider, these attacks are successful because processing numerous small packets is more difficult than handling fewer, larger packets.

Over the past ten years, a number of attackers have demonstrated how simple it is to assemble a botnet of zombie devices. Methods include exploiting holes in CCTV systems, home routers and IoT devices, and using phishing emails to infect computers with malware.

As stated by OVHcloud:

While the attack was distributed worldwide, 2/3 of total packets entered from only four [points of presence], all located in the U.S. with 3 of them being on the west coast. This highlights the capability of the adversary to send a huge packet rate through only a few peerings, which can prove very problematic.

The drop in cyberattacks happened in parallel with the 911 S5 Botnet’s dismantling in May 2024. However, it is unclear if this occurrence was the reason. High packet rate attacks are still quite common even if attack frequency has reverted to normal. Attack scenarios can involve packet processing or bandwidth-based distributed denial of service (DDoS) attacks.

OVHcloud Reports Rise in DDoS Attacks with High Packet Rates Caused by Compromised MikroTik Routers

The severity and frequency of DDoS attacks have increased significantly since 2023, according to the company. A typical scenario now is an attack that exceeds one terabit per second (Tbps). Due to their greater computational demands compared to bigger packets, attacks using smaller packets are especially successful.

A 10 Gbps attack using 84-byte packets creates around 14.88 million packets per second (Mpps), compared with 0.85 Mpps for the same bit rate using 1480-byte packets. Because of this problem, OVHcloud created specialised networking equipment with FPGA and DPDK to improve DDoS mitigation.
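The packet-size arithmetic above, and the earlier distinction between packet-processing and bandwidth-based attacks, can be turned into a simple monitoring check. This is an added example, not code from OVHcloud or the original article: it labels each interval of interface counters by the resource it pressures most. The counter samples, the 5 Mpps forwarding budget and the 0.7 alert threshold are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: float         # seconds since the start of the capture
    rx_packets: int  # cumulative received-packet counter
    rx_bytes: int    # cumulative received-byte counter

def pps_at_line_rate(link_bps: float, packet_bytes: int) -> float:
    """Packets per second needed to fill link_bps with packets of one size."""
    return link_bps / (packet_bytes * 8)

def classify(prev: Sample, cur: Sample, link_bps: float, pps_budget: float,
             alert_at: float = 0.7):
    """Label one counter interval by the resource it pressures most."""
    dt = cur.t - prev.t
    pkts = cur.rx_packets - prev.rx_packets
    octets = cur.rx_bytes - prev.rx_bytes
    if dt <= 0 or pkts < 0 or octets < 0:
        return ("invalid", 0.0, 0.0)   # counter reset or clock step: skip it
    pps_util = (pkts / dt) / pps_budget         # share of forwarding budget used
    bps_util = (octets * 8 / dt) / link_bps     # share of link bandwidth used
    if max(pps_util, bps_util) < alert_at:
        label = "normal"
    elif pps_util > bps_util:
        label = "packet-rate"   # small packets exhaust packet processing first
    else:
        label = "bandwidth"     # large packets fill the link first
    return (label, round(pps_util, 3), round(bps_util, 3))

def analyse(samples, link_bps, pps_budget):
    """Classify every consecutive pair of counter samples."""
    return [classify(a, b, link_bps, pps_budget) for a, b in zip(samples, samples[1:])]

# Constructed data: a 10 Gbps link in front of a device assumed to forward 5 Mpps.
LINK_BPS = 10e9
PPS_BUDGET = 5e6   # hypothetical capacity, not a figure from the article
SAMPLES = [
    Sample(0.0, 0, 0),
    Sample(1.0, 4_000_000, 4_000_000 * 84),                                   # 84-byte flood
    Sample(2.0, 4_800_000, 4_000_000 * 84 + 800_000 * 1480),                  # 1480-byte flood
    Sample(3.0, 4_900_000, 4_000_000 * 84 + 800_000 * 1480 + 100_000 * 500),  # quiet second
]

if __name__ == "__main__":
    for row in analyse(SAMPLES, LINK_BPS, PPS_BUDGET):
        print(row)
```

In the first interval the link is under 27% full while the assumed forwarding budget is 80% consumed, which is why a bits-per-second alarm alone misses this kind of flood.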

Network Traffic Graph: RX/TX Packets per Second (OVHcloud)

Recent company data shows a considerable increase in DDoS attacks surpassing 100 million packets per second (Mpps), primarily from compromised MikroTik Cloud Core Router (CCR) devices. There are presently 99,382 MikroTik routers that can be accessed online. A study revealed that the main problem with MikroTik routers is outdated firmware.

These devices can independently generate up to 14.8 Mpps, and they can be found at commercial ISPs and cloud providers all around Asia. Unexpectedly, more than 99,000 CCR devices, which can produce 4–12 Mpps each, are available online, including models such as CCR1036-8G-2S+ and CCR1072-1G-8S+.

Vulnerable MikroTik Routers: DDoS Attack Risk by Model (OVHcloud)

The company issued a warning, saying that even a small number of compromised devices could grow into a botnet that may seriously jeopardise internet infrastructure by sending billions of packets every second.

Many devices are still vulnerable even after MikroTik has repeatedly warned users to update RouterOS for increased protection. OVHcloud shared its findings with MikroTik but did not get a response, underlining the continued security vulnerabilities with this high-performance networking equipment.

According to estimates, attackers could execute layer 7 attacks capable of sending 2.28 billion packets per second (Gpps) if they were to take control of just 1% of devices that are exposed and turn them into a DDoS botnet.

It is important to keep devices updated with the latest firmware and software and, if possible, keep them off the public internet to prevent such malware attacks. Apply strong access restrictions to limit the visibility of network device interfaces on the internet. Additionally, use advanced DDoS mitigation services and solutions that can withstand attacks with high packet and bit rates.
