- OVHcloud survived a record-breaking 840 million packets per second DDoS attack.
- The attack used compromised Mikrotik devices with outdated firmware.
- Updating firmware and keeping devices secure is crucial to prevent such attacks.
OVHcloud recently revealed new details about an intense Distributed Denial of Service (DDoS) attack that hit it earlier this year.
The attack, which reached a staggering 840 million packets per second (Mpps), was one of the largest ever recorded.
This massive DDoS attack put OVHcloud’s defenses to the test, but the company managed to survive it.
In a detailed blog post, OVHcloud explained that the attackers used core network devices to launch their assault, making it much more powerful and harder to defend against.
They identified two specific Mikrotik models, the CCR1036-8G-2S+ and the CCR1072-1G-8S+, which were targeted during these attacks.
These models are often used in small to medium-sized network cores and have their interfaces exposed online while running outdated firmware. This made them an easy target for cybercriminals.
The Mēris Botnet
OVHcloud observed nearly 100,000 Mikrotik devices connected to the wider internet, though it’s unclear how many of these were compromised.
The record-breaking DDoS attack came from 5,000 source IPs, with two-thirds of the packets being routed through just four Points of Presence (PoPs), all located in the United States.
These Mikrotik devices have significant processing power, with some featuring 36-core CPUs.
This means that even if only 1% of these devices (roughly 1,000 of the ~100,000 observed) were hijacked and added to a botnet, they could potentially generate a DDoS attack reaching 2.28 billion packets per second (Gpps).
The identity of the attackers and the specific malware used to control these devices remain unknown. However, past incidents have linked Mikrotik devices to the Mēris botnet.
Preventing Future Attacks
The best way to protect against such malware attacks is to ensure devices are always updated with the latest firmware and software. Keeping these devices away from public internet access whenever possible is also crucial.
Mikrotik has repeatedly warned its users to upgrade their RouterOS, the operating system that powers these devices, to a secure version. Despite these warnings, many users continue to run older, vulnerable versions.
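The two measures the article recommends, keeping RouterOS current and keeping the management interfaces of these devices off the public internet, translate into a short RouterOS configuration. The following is an added example written for this article, not configuration from OVHcloud or Mikrotik; the management subnet 192.168.88.0/24 is an assumed placeholder and should be replaced with the operator's own management network.

```routeros
# Added example (not from the article or vendor). Assumes the operator's
# management network is 192.168.88.0/24; adjust to the real subnet.

# 1. Bring the device up to date: RouterOS packages first, then the
#    RouterBOARD firmware (takes effect after the next reboot).
/system package update check-for-updates
/system package update install
/system routerboard upgrade

# 2. Turn off management services that are not needed at all.
/ip service disable telnet,ftp,www,api,api-ssl

# 3. Restrict the remaining management services to the management subnet
#    instead of leaving them reachable from any public interface.
/ip service set ssh address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24
/ip service set www-ssl address=192.168.88.0/24

# 4. Input-chain firewall: accept replies to the router's own traffic,
#    accept management traffic only from the management subnet, drop the rest.
/ip firewall filter add chain=input connection-state=established,related action=accept comment="allow replies"
/ip firewall filter add chain=input src-address=192.168.88.0/24 action=accept comment="management subnet only"
/ip firewall filter add chain=input action=drop comment="drop everything else aimed at the router"
```

Verify the result with `/ip service print` and `/ip firewall filter print` before closing the session, so that a rule ordering mistake does not lock out the management network.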
OVHcloud has reached out to Mikrotik with details about its findings but has not yet received a response. This highlights the importance of communication and cooperation between companies in the tech industry to enhance security measures and prevent future attacks.
The recent DDoS attack on OVHcloud underscores the need for vigilance in cybersecurity. Regularly updating firmware and software, securing network devices, and responding promptly to security warnings are essential steps in protecting against such devastating attacks.
As technology continues to advance, so do the methods of cybercriminals, making it more important than ever to stay ahead in the cybersecurity game.