Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?



OVHcloud Sees Record 840 Mpps DDoS Attack

OVHcloud says it mitigated the largest ever DDoS attack leveraging packet rate, which peaked at 840 Mpps.

DDoS attack

Cloud provider OVHcloud this week revealed that it had mitigated the largest ever distributed denial-of-service (DDoS) attack in terms of packet rate, amid an overall increase in DDoS attack intensity.

Packet rate DDoS attacks seek to overload the processing engines of the networking devices close to the target, essentially taking down the infrastructure in front of the victim, such as the anti-DDoS systems.

Packet rate DDoS attacks, the cloud provider explains, are highly effective as their mitigation requires dealing with many small packets, which is typically more difficult than dealing with less, albeit larger packets.

“We can summarize this problem into a single sentence: if your job is to deal mostly with payloads, bandwidth may be the hard limit; but if your job is to deal mostly with packet headers, packet rate is the hard limit,” OVHcloud notes.

Peaking at around 840 Mpps (million packets per second), the largest packet rate attack was registered in April this year, breaking the record that was set at 809 Mpps in 2021.

Even more worrying, however, is that OVHcloud has been observing a sharp increase in packet rate DDoS attacks above the 100 Mpps threshold over the past six months.

Typically, threat actors rely on DDoS attacks that focus on exhausting the target’s bandwidth (network-layer or Layer 3 attacks) or resources (application-layer or Layer 7 attacks), but the adoption of packet rate assaults is surging.

“We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps,” OVHcloud says.

Advertisement. Scroll to continue reading.

Most of the traffic used in the record attack, the cloud provider says, consisted of TCP ACK packets originating from roughly 5,000 IPs.

The company’s investigation revealed the use of MikroTik routers as part of the attack, specifically cloud core routers – namely the CCR1036-8G-2S+ and CCR1072-1G-8S+ device models. There are close to 100,000 CCR devices exposed to the internet, with the two models accounting for roughly 40,000 of them.

Should a threat actor be able to ensnare all these devices into a botnet, OVHcloud says, that botnet could theoretically generate 2.28 billion packets per second (or Gpps).

Following a steady increase in frequency over the past year and a half, large network-layer attacks are also a normal occurrence now, the cloud provider reports.

The Mirai botnet was the first to break the 1 Tbps (terabit per second) threshold in 2016, with 3.47 Tbps and 2.5 Tbps records set in 2022, DDoS attacks over 1 Tbps are run-of-the-mill now.

“In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily (averaged out over one week). The highest bit rate we observed during that period was ~2.5 Tbps,” OVHcloud notes.

In October last year, the industry observed some of the largest Layer 7 DDoS attacks in history. Exploiting the ‘HTTP/2 Rapid Reset’ zero-day vulnerability, multiple record-breaking assaults were seen over the course of several days, with the largest peaking at 398 million requests per second (rps).

Related: Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks

Related: Akamai Sees Europe’s Biggest DDoS Attack to Date

Related: Operator of ‘DownThem’ DDoS Service Sentenced to 24 Months in Prison

Related: Mēris Botnet Flexes Muscles With 22 Million RPS DDoS Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as its new CRO.

Identity orchestration provider Strata Identity has appointed Aldo Pietropaolo as Field CTO.

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights