Web security services provider Cloudflare says it mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps).
The multi-vector assault was launched by a botnet of approximately 15,000 machines infected with a variant of the original Mirai malware. The bots included Internet of Things (IoT) devices and GitLab instances, Cloudflare said in a new report.
GitLab instances ensnared in the botnet are affected by CVE-2021-22205, a critical (CVSS score of 10) vulnerability that was patched more than six months ago, but which continues to expose tens of thousands of systems.
The 2 Tbps DDoS attack lasted only one minute. The assault combined DNS amplification and UDP floods, the company said.
Cloudflare notes that it observed an overall increase in the number of terabit-strong DDoS attacks over the last quarter, and that network-layer incidents were up 44% quarter-over-quarter.
The trends appear to continue into the fourth quarter of the year as well, with multiple terabit-strong attacks already hitting Cloudflare’s infrastructure.
In August, the web protection firm said it observed a Mirai-variant botnet launching multiple 1 Tbps attacks, some peaking at 1.2 Tbps.
Last month, Microsoft said that in August it mitigated a massive 2.4 Tbps assault originating from 70,000 sources worldwide. Last year, Amazon and Google said they mitigated 2.3 Tbps and 2.5 Tbps DDoS attacks, respectively.
