Operational technology (OT) targeted in “world record” 3.8 Tb/s distributed denial of service  (DDoS).

Egyptian River Floods

What’s the craic? Ionut Ilascu reports: Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps

“Month-long barrage”
During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, … attacks peaked at 3.8 terabits per second. … Previously, Microsoft held the record for defending against the largest volumetric DDoS attack of 3.47 Tbps.
…
The assault consisted of a “month-long” barrage of more than 100 hyper-volumetric DDoS attacks flooding the network infrastructure with garbage data. … Cloudflare [said] the infected devices were spread across the globe [and] leveraged multiple types of compromised devices, which included a large number of Asus home routers, Mikrotik systems, DVRs, and web servers.

What’s at stake? Lucian Constantin mentions a different study: DDoS attacks are increasingly targeting critical infrastructure

“41,000 DDoS attacks every day”
Critical infrastructure sectors including banking, financial services, government, and public utilities, … experienced a 55% increase in distributed denial-of-service (DDoS) attacks over the past four years. [A] Netscout report found that many of these attacks use different vectors, targeting both the application and network layers, and some are intentionally kept small to fall under the typical mitigation thresholds of upstream service providers.
…
Critical infrastructure, also known as operational technology (OT) has been an increasingly urgent focus of the security industry as attacks against power plants, water systems, and other essential systems continue to rise. … Increased hacktivist activities, some of them originating in Russia, have been primarily responsible for a 43% increase in application layer attacks during the first six months of 2024 compared to the same period in 2023, … with an average of around 41,000 DDoS attacks every day.

Horse’s mouth? Cloudflare researchers Manish Arora, Shawn Bohrer, Cody Doucette, Omer Yoachimik, Alex Forster and Nick Wood: World record 3.8 Tbps DDoS attack

“Exceptionally large volumes of traffic”
The scale and frequency of these attacks are unprecedented. Due to their sheer size and bits/packets per second rates, these attacks have the ability to take down … Internet properties that … don’t have sufficient network capacity or global coverage to be able to handle these volumes alongside legitimate traffic without impacting performance.
…
This attack campaign targets bandwidth saturation as well as resource exhaustion … orchestrated to work in tandem and flood the target with exceptionally large volumes of traffic. … The high bitrate attacks appear to originate from a large number of compromised ASUS home routers, likely exploited using a … Critical vuln­er­a­bi­lity that was recently discovered.

The lesson is: Stop using obsolete routers (and install the damn patches if still available). harrys has another idea:

If only OpenWrt could be installed on them. More *****y e-waste otherwise.

But Cloudflare, though. Should we believe the hype? theideaofcoffee eyerolls furiously:

I try to be positive in my comments as much as I can. Whenever the subject of DDoS mitigation by Cloudflare comes up, and it seems like they’re always tooting their own horn, I struggle to be impressed. … These capa­bil­ities are available at such commodity prices nowadays it’s hardly worth the effort of a full page blog post.

Although hyperbole can still be a wakeup call. Uncivil Servant certainly took notice:

I recently installed Ubuntu on an old [PC]. At first I wasn’t worried. … But turning infected computers into proxies made me take notice. That’s a genuinely serious risk for anyone in an area with fast connections. [I] hadn’t thought of it as a resource for someone else to hijack.

What’s this about DVRs being part of the botnet? u/toabear clarifies we’re talking about security cameras:

DVRs are often exposed on port 8080. They rarely get updates and after the Log4j thing, a bunch of them were compromised. Many small business have no idea how to even update their DVR systems.

The attack surface is vast. will4 neatly illustrates the point:

Opened wifi on mobile device at a friend’s home recently and there was a LG dishwasher, an internet connected oven and other devices nearby within maybe 100 feet. Not to mention 20 or more routers and other devices—many of which will not have any firmware updates after 5 years.

Meanwhile, why doth walth wail?

Meanwhile, it’s going on two weeks that a large volumetric amplification attack has been coming from Cloudflare itself against systems I manage. … You’d expect a company like Cloudflare, which positions itself as a defender against DDoS and similar threats, to take action much more quickly when they’re part of the problem.

And Finally:

Me? Ow.

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to  @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: stevepj2009 (cc:by; leveled and cropped)