OVH, one of the world’s largest hosting companies, reported on Thursday that its systems were hit by distributed denial-of-service (DDoS) attacks that reached nearly one terabit per second (Tbps).
Octave Klaba, the founder and CTO of OVH, revealed on Twitter that the company detected a “lot of huge DDoS” in the past days. A screenshot posted by Klaba shows multiple attacks that exceed 100 Gbps, including simultaneous attacks that totaled nearly 1 Tbps. The largest single attack recorded by OVH peaked at 799 Gbps and 93 MMps.
This is not the only major DDoS attack reported in recent days. Earlier this week, investigative cybercrime journalist Brian Krebs said his blog, KrebsOnSecurity.com, had been targeted in an attack that peaked at 665 Gbps. While it hasn’t been confirmed, some evidence suggests that the attack was carried out in retaliation to a recent blog post exposing the operators of a booter service called vDOS.
The attack was mitigated by Akamai, but the attackers did not give up and Krebs said the company decided to stop providing DDoS protection services. As a result, the journalist has taken his website offline until he finds a new provider.
He pointed out that Akamai had been providing service at no cost. Before this attack, the largest DDoS attack mitigated by the company measured only 336 Gbps.
i can't really fault Akamai for their decision. I likely cost them a ton of money today.
— briankrebs (@briankrebs) September 22, 2016
CloudFlare is confident it can help and it has already offered its services to Krebs. The company’s founder and CEO, Matthew Prince, said they had seen this type of attack before.
Krebs said the attack on his website appears to have been powered almost exclusively by a very large botnet of compromised IoT devices, such as webcams and routers, and no amplification has been used. The expert suggested the same “cannon” has also been tested against OVH and other organizations.
Before the attack that hit Krebs’ website, the largest reported attack, launched by anti-ISIS hackers against BBC websites, peaked at 600 Gbps. However, the magnitude of the attack could not be confirmed.
Related Reading: "Armada Collective" DDoS Threats Strike Again
Related Reading: Record Number of 100+ Gbps DDoS Attacks Hit in Q1 2016