Cloudflare successfully blocked DDoS attacks up to 2 Tbps


In October 2016, a hacker used the Mirai Internet of Things (IoT) worm to take control of millions of IoT devices and launch an attack on the US DNS service provider Dyn. After the attack, many well-known websites could not be accessed on the east coast of the United States.

Over the next few years, countless Mirai variants appeared. Their core function is to infect IoT devices using built-in password combinations. The most common targets are IP cameras: some still use the default account password, which has never been changed, so they are easy to infect.

Recently, Cloudflare published a blog post describing the latest DDoS attack the company intercepted. Traffic in this attack peaked at close to 2 Tbps, and the attack was launched by approximately 15,000 bots. These bots run on IoT devices and unpatched GitLab instances, and Mirai is still behind them.

Earlier, a security company discovered a vulnerability in GitLab with a CVSS score of 10 out of 10. Successful exploitation lets an attacker directly compromise the server hosting the GitLab instance and run arbitrary code, for example worms such as Mirai. Since the details of the vulnerability have been made public, more and more hackers will exploit it. Scanning shows that half of the 60,000 GitLab instances exposed on the public internet have not been patched.

The attack intercepted by Cloudflare involved many infected GitLab instances. Mirai variants infected these instances and formed a botnet to launch the attack. It is difficult for 15,000 bots to directly generate an attack of up to 2 Tbps. Cloudflare's analysis is that this was a multi-vector attack: the bots may have combined DNS amplification attacks with UDP floods, among other techniques.

Cloudflare observed a significant increase in network-layer DDoS attacks in the third quarter. Although the fourth quarter is not over yet, Cloudflare has already noticed that the number of large-scale DDoS attacks is increasing.

“Another key finding from our Q3 DDoS Trends report was that network-layer DDoS attacks actually increased by 44% quarter-over-quarter,” said Omer Yoachimik, product manager at Cloudflare. “While the fourth quarter is not over yet, we have, again, seen multiple terabit-strong attacks that targeted Cloudflare customers.”

Rapid7 has urged GitLab users to update to the latest version of GitLab as soon as possible. “In addition, ideally, GitLab should not be an internet-facing service. If you need to access your GitLab from the internet, consider placing it behind a VPN.”