A large-scale DDoS attack mitigated by OVHCloud reached unprecedented proportions. At its peak, the attack reached 800 million packets per second.
In a blog post, French cloud provider OVHCloud looks back in detail at a series of DDoS attacks that took place in April and May. The attacks were successfully repelled, but OVHCloud had to pull out all the stops to achieve this.
Bigger and bigger
With a peak of 840 million requests per second and a bitrate of 2.5 Tbit/s on May 25, the attack attempts reached unprecedented levels. OVHCloud thus “breaks” the previous record held by Akamai (809 Mpps).
According to OVHCloud, large-scale DDoS attacks are no longer an exception. Since the beginning of 2023, attacks with a bitrate of more than 1 Tbit/s have been observed “almost daily”. So it seems only a matter of time before a new “record attempt” occurs.
The French provider sees changes in the way DDoS attacks are carried out. The company speaks of an increase in “packet rate attacks”. Instead of overloading a server’s bandwidth with requests, the focus is now more often on the packet processing engines of network devices, which are attacked at high bit rates.
MikroTik
What was also striking was the type of equipment that was “recruited” to carry out the attacks. The majority of the requests came from powerful network routers from the Latvian company MikroTik. Just four routers were responsible for two-thirds of the packets sent during peak times.
These may be routers that have been poorly managed by their owners. The routers run on an outdated version of the operating system, making them vulnerable to hacker attacks. OVHCloud estimates that around a hundred thousand MikroTik devices are connected to the Internet.
With just one percent of these devices, hackers could build a powerful botnet. OVHCloud says it has already tried to warn MikroTik about the situation, but has not yet received a response from the Latvian manufacturer.