Security Experts:

Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Server

A Mirai botnet variant has launched a distributed denial-of-service (DDoS) attack that peaked at 2.5 terabytes per second (Tbps), according to Cloudflare, which described it as the largest attack it has seen in terms of bitrate.

The attack was aimed at a Minecraft server named Wynncraft and it involved UDP and TCP floods. However, the web security firm said it mitigated the attack, preventing it from causing any disruption to the game.

While this may have been a record-breaking attack for Cloudflare, Microsoft last year observed an attack that peaked at 3.47 Tbps and another that reached 3.25 Tbps.

Cloudflare this year also saw an attack reaching 26 million requests per second (RPS). The attack was noteworthy particularly for the fact that it was powered by a small botnet of only 5,000 devices. However, in terms of RPS, Google saw the biggest attack known to date, which peaked at 46 million RPS.

“The entire 2.5 Tbps attack lasted about 2 minutes, and the peak of the 26M rps attack only 15 seconds,” Cloudflare explained. “This emphasizes the need for automated, always-on solutions. Security teams can’t respond quick enough. By the time the security engineer looks at the PagerDuty notification on their phone, the attack has subsided.”

Cloudflare reported seeing the massive attack aimed at the Minecraft server in its DDoS threat report for the third quarter of 2022. The company has seen longer-lasting volumetric attacks and a spike in attacks powered by variants of the Mirai botnet, with a quarter-over-quarter (QoQ) increase of 405%.

Cloudflare has seen an overall increase in attacks compared to last year, including application-layer, network-layer and ransom attacks.

The company has highlighted one attack vector for which it has seen a significant increase: BitTorrent. DDoS attacks abusing BitTorrent have increased by more than 1,200% QoQ.

DDoS attacks have been making headlines in recent weeks, as a pro-Russia hacker group named Killnet has targeted major companies and various countries, including the United States, Estonia, and Lithuania.

Cybersecurity and application delivery company Radware this week published a report detailing Killnet’s DDoS attacks on US civilian and government systems.

Related: Mitel Devices Abused for DDoS Vector With Record-Breaking Amplification Ratio

Related: Cloudflare Customer Targeted in Record HTTPS DDoS Attack

Related: Akamai Sees Largest DDoS Extortion Attack Known to Date

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.