
Mirai Botnet Executes Record-Breaking 5.6 Tbps DDoS Attack Using Over 13,000 IoT Devices – Active IOCs

Severity

High

Analysis Summary

Researchers recently reported blocking the largest-ever distributed denial-of-service (DDoS) attack, which peaked at 5.6 Tbps. The attack, conducted on October 29, 2024, targeted an unnamed internet service provider (ISP) in Eastern Asia. Originating from a Mirai-variant botnet, the UDP-based attack involved over 13,000 IoT devices and lasted only 80 seconds.

According to the researchers, an average of 5,500 unique IP addresses contributed approximately 1 Gbps each; the scale and speed of the attack underscore the evolving threat of IoT-based DDoS campaigns. This milestone surpasses the previous record of 3.8 Tbps, which was reported earlier in the same month.

In 2024, the researchers blocked approximately 21.3 million DDoS attacks, a 53% increase from 2023. Attacks exceeding 1 Tbps rose by 1,885% quarter-over-quarter. In Q4 alone, 6.9 million DDoS attacks were mitigated, with 72% of HTTP-based and 91% of network-layer attacks ending in under 10 minutes. Known DDoS botnets were responsible for 72.6% of all HTTP DDoS activity, while the most common Layer 3/Layer 4 attack vectors were SYN floods (38%), DNS floods (16%), and UDP floods (14%). Additionally, certain DDoS attack methods, namely Memcached, BitTorrent, and ransom-based assaults, saw significant quarterly increases of 314%, 304%, and 78%, respectively.

Geographically, Indonesia, Hong Kong, Singapore, Ukraine, and Argentina emerged as the largest sources of DDoS attacks, while China, the Philippines, Taiwan, Hong Kong, and Germany were the most targeted countries. The telecommunications, internet, marketing, information technology, and gambling sectors faced the highest volumes of attacks, highlighting the exposure of critical infrastructure and industries. The researchers' findings reflect the growing sophistication and scale of DDoS campaigns, posing a significant challenge to global cybersecurity efforts.

The researchers also emphasized the role of Mirai botnet variants in exploiting IoT vulnerabilities. These offshoots leverage known security flaws and weak or default credentials to take control of IoT devices, turning them into conduits for massive DDoS attacks. The surge in IoT-based botnet activity underscores the urgent need for stronger IoT device security measures to mitigate the risks posed by such large-scale attacks.

Impact

  • DDoS
  • Financial Loss

Indicators of Compromise

Remediation

  • Block all threat indicators at your respective controls.
  • Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
  • Never trust or open links and attachments received from unknown sources/senders.
  • Upgrade your operating system.
  • Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.
  • Immediately change default passwords on IoT devices to unique ones.
  • Keep devices' firmware and software up to date to ensure that known vulnerabilities are patched.
  • Implement firewalls and intrusion detection systems to monitor and control traffic to and from IoT devices.
  • Employ tools that can identify unusual behavior or traffic patterns that might indicate a DDoS attack or a compromised device.
  • Disable any unnecessary services or features on IoT devices to reduce their attack surface.
  • Follow security best practices, such as disabling remote management if not needed and enabling security features provided by the device manufacturer.
  • Deploy intrusion detection and prevention systems (IDS/IPS) to monitor for anomalous or malicious network activity.
  • Set up alerts for unusual traffic patterns that might indicate a DDoS attack or a compromised device.
  • Use cloud-based DDoS mitigation services that can absorb large-scale attacks.
  • Install on-premise DDoS protection appliances for real-time monitoring and traffic filtering.
  • Configure rate-limiting and traffic-shaping rules to manage incoming requests effectively.
  • Implement strong authentication mechanisms, such as unique credentials and multi-factor authentication (MFA), for IoT devices.
  • Regularly update IoT device firmware to patch known vulnerabilities.
  • Disable unused services and ports to reduce the attack surface.
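Several of the items above call for alerting on unusual traffic patterns. As an added example (not part of the Rewterz advisory), the following Python detector applies the pattern this advisory describes, a short UDP flood in which thousands of distinct sources each contribute on the order of 1 Gbps, to constructed flow records, raising an alert for a destination only when both the aggregate UDP rate and the distinct-source count exceed thresholds within a 10-second window. The Flow record layout, the sample data and the threshold values are assumptions for illustration, not figures from the advisory.

```python
"""Flag distributed UDP floods in flow records (constructed sample data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since epoch
    src: str       # source IP
    dst: str       # destination IP
    proto: str     # "udp" or "tcp"
    bytes_: int    # payload bytes carried by this flow record


# Assumed thresholds: tune against your own baseline traffic.
WINDOW_S = 10          # aggregation window in seconds
MIN_GBPS = 1.0         # aggregate UDP rate toward one destination
MIN_SOURCES = 1000     # distinct sources needed to call it "distributed"


def detect_udp_flood(flows, window_s=WINDOW_S, min_gbps=MIN_GBPS,
                     min_sources=MIN_SOURCES):
    """Return (dst, window_start, gbps, unique_sources) for each window
    whose UDP traffic exceeds both the rate and the source-count threshold."""
    buckets = defaultdict(lambda: [0, set()])   # (dst, window) -> [bytes, srcs]
    for f in flows:
        if f.proto != "udp":
            continue
        window = int(f.ts // window_s) * window_s
        bucket = buckets[(f.dst, window)]
        bucket[0] += f.bytes_
        bucket[1].add(f.src)
    alerts = []
    for (dst, window), (nbytes, srcs) in sorted(buckets.items()):
        gbps = nbytes * 8 / window_s / 1e9
        # A single source pushing high volume is not a distributed flood
        # under this rule; both conditions must hold.
        if gbps >= min_gbps and len(srcs) >= min_sources:
            alerts.append((dst, window, round(gbps, 2), len(srcs)))
    return alerts


def sample_flows():
    """Constructed sample: 1,200 sources hit 198.51.100.10 over UDP in the
    first 10 s window (~1.2 Gbps aggregate), plus benign DNS and TCP traffic."""
    flows = [Flow(3.0 + (i % 7), f"10.{i // 256}.{i % 256}.1",
                  "198.51.100.10", "udp", 1_250_000) for i in range(1200)]
    flows.append(Flow(4.0, "10.9.9.9", "198.51.100.53", "udp", 600))
    flows.append(Flow(12.0, "10.9.9.10", "198.51.100.10", "tcp", 50_000))
    return flows


if __name__ == "__main__":
    for dst, start, gbps, n in detect_udp_flood(sample_flows()):
        print(f"ALERT {dst} window={start}s rate={gbps} Gbps sources={n}")
```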