A massive distributed denial-of-service (DDoS) attack, one of the largest publicly disclosed of its kind, recently targeted a European DDoS mitigation provider. The assault, which reached an astonishing 1.5 billion packets per second, was successfully fended off by the security company FastNetMon. According to FastNetMon, the malicious traffic was primarily a UDP flood launched from over 11,000 unique networks globally. The company explained that the attack leveraged a vast network of compromised customer-premises equipment (CPE), including common IoT devices and routers, demonstrating a dangerous trend in cybercrime.
While the name of the specific customer was not revealed, FastNetMon described the victim as a DDoS scrubbing provider. These specialized services are designed to filter out malicious traffic during an attack. They employ various techniques like packet inspection, rate limiting, and anomaly detection to keep services online. The sophisticated nature of the attack underscores the increasing vulnerability of internet infrastructure and the need for robust, real-time defenses.
FastNetMon’s swift response was critical to mitigating the attack. The company detected the malicious traffic in real-time and immediately took action using the customer’s DDoS scrubbing facility. This included deploying access control lists (ACLs) on edge routers known for their amplification capabilities. This proactive and rapid intervention prevented the flood of traffic from overwhelming the provider’s systems and causing a widespread service outage.
This incident is the latest example of a concerning trend. Just days before, the internet infrastructure giant Cloudflare announced that it had blocked the largest recorded volumetric DDoS attack in history, which peaked at 11.5 terabits per second. The goal in both attacks was the same: to exhaust the processing abilities of the target and disrupt services. These events highlight the need for a collaborative approach to cybersecurity and the importance of intervention at the internet service provider (ISP) level to combat large-scale threats.
FastNetMon’s founder, Pavel Odintsov, stressed the urgency of the situation. He noted that the weaponization of compromised consumer hardware on a massive scale has become a significant and dangerous trend. Odintsov believes that proactive filtering at the ISP level is essential to stopping these attacks before they can escalate. He called on the industry to implement detection logic at the ISP level, which would help stop these attacks at their source and prevent them from reaching their targets.
Reference:
