Cloudflare Blocks 2 Tbps DDoS Attack - Largest Ever Recorded

Massive DDoS Attack Blocked by Cloudflare
Cloudflare has announced the successful mitigation of a significant distributed denial-of-service (DDoS) attack.
The attack reached a peak intensity of nearly 2 Tbps, positioning it among the largest ever documented.
Attack Details and Origins
According to a blog post released by the internet performance and security company, the assault originated from roughly 15,000 compromised bots.
These bots utilized a modified version of the original Mirai malware, targeting vulnerable Internet of Things (IoT) devices and unpatched GitLab installations.
Recent GitLab Vulnerability
This DDoS event follows a warning issued by Rapid7 just two weeks prior regarding a critical vulnerability within GitLab.
The vulnerability, scoring a perfect 10.0 on the Common Vulnerability Scoring System (CVSS), allowed for remote code execution, potentially enabling the deployment of botnet malware on affected servers.
Rapid7’s research indicated that at least half of the 60,000 publicly accessible GitLab instances remained unpatched, with an expectation of increased exploitation as details of the flaw became widely known.
Attack Characteristics
Cloudflare confirmed blocking the substantial DDoS attack only one week after Rapid7’s warning.
Their analysis reveals a multi-vector attack, combining both DNS amplification techniques and UDP floods to overwhelm the target.
The duration of the attack was brief, lasting less than a minute, but represented the largest volume Cloudflare had ever observed.
Recent Trends in DDoS Attacks
This incident occurred just a month after Microsoft reported mitigating a “record-breaking” 2.4 Tbps DDoS attack aimed at an Azure customer in Europe.
Cloudflare successfully mitigated the attack within seconds, but notes a surge in multi-terabit DDoS attacks throughout the past month.
This suggests that the frequency of such large-scale attacks is unlikely to decrease in the near future.
Increased Network-Layer Attacks
Omer Yoachimik, a product manager at Cloudflare, stated that network-layer DDoS attacks increased by 44% quarter-over-quarter, as detailed in their Q3 DDoS Trends report.
Despite the fourth quarter not yet being complete, Cloudflare has already detected multiple terabit-level attacks targeting its customers.
Recommendations for GitLab Users
Rapid7 strongly advises all GitLab users to update to the latest version of the software immediately.
Furthermore, they recommend that GitLab ideally not be directly accessible from the public internet.
If remote access is necessary, implementing a Virtual Private Network (VPN) is suggested as a security measure.
