Cloudflare blocked a DDoS attack that lasted a month and peaked at 3.8 terabits per second: a world record.
For a month, cybercriminals attempted to cripple services and websites from the financial, telecommunications and Internet industries themselves with a DDoS attack. To do so, they collected rogue traffic that peaked at 3.8 terabits per second. This makes the DDoS attack the largest observed to date.
Cloudflare blocked the attack and collected data on its nature. The criminals used cracked devices worldwide to send the rogue packets for the DDoS attack, but the center of gravity was still in Russia and the US. A lot of traffic also came from Spain.
Poorly secured routers
The botnet behind the attack consisted mainly of (IoT) devices. Examples include cracked routers from Asus and Miktrotik, DVRs and Web servers. This again demonstrates the danger of poorly secured small devices on the Internet. Manufacturers and end users do not always take the security of such devices seriously enough, after which criminals can exploit them to cause harm to third parties.
In this case, Cloudflare was able to autonomously block the attack. The company still reports that the peak of the DDoS barrage lasted about 65 seconds. The previous most powerful attack in the world was blocked by Microsoft and targeted the Azure network. That had a strength of 3.47 terabits per second.