Thursday, November 7, 2024

OVHcloud’s Record-Breaking DDoS Attack: How They Survived

  • OVHcloud survived a record-breaking 840 million packets per second DDoS attack.
  • The attack used compromised Mikrotik devices with outdated firmware.
  • Updating firmware and keeping devices secure is crucial to prevent such attacks.

OVHcloud recently revealed new details about an intense Distributed Denial of Service (DDoS) attack that hit it earlier this year.

The attack, which reached a staggering 840 million packets per second (Mpps), was one of the largest ever recorded.

This massive DDoS attack put OVHcloud’s defenses to the test, but the company managed to survive it.

In a detailed blog post, OVHcloud explained that the attackers used core network devices to launch their assault, making it much more powerful and harder to defend against.

OVHcloud identified two specific Mikrotik models, the CCR1036-8G-2S+ and the CCR1072-1G-8S+, which were targeted during these attacks.

These models are often used in small to medium-sized network cores and have their interfaces exposed online while running outdated firmware. This made them an easy target for cybercriminals.

The Mēris Botnet

OVHcloud observed nearly 100,000 Mikrotik devices connected to the wider internet, though it’s unclear how many of these were compromised.

The record-breaking DDoS attack came from 5,000 source IPs, with two-thirds of the packets being routed through just four Points of Presence (PoPs), all located in the United States.

These Mikrotik devices have significant processing power, with some featuring 36-core CPUs.

This means that even if only 1% of these devices were hijacked and added to a botnet, they could potentially generate a DDoS attack reaching 2.28 billion packets per second (Gpps).

The identity of the attackers and the specific malware used to control these devices remain unknown. However, past incidents have linked Mikrotik devices to the Mēris botnet.

Preventing Future Attacks

The best way to protect against such malware attacks is to ensure devices are always updated with the latest firmware and software. Keeping these devices away from public internet access whenever possible is also crucial.

Mikrotik has repeatedly warned its users to upgrade their RouterOS, the operating system that powers these devices, to a secure version. Despite these warnings, many users continue to run older, vulnerable versions.

OVHcloud has reached out to Mikrotik with details about its findings but has not yet received a response. This highlights the importance of communication and cooperation between companies in the tech industry to enhance security measures and prevent future attacks.

The recent DDoS attack on OVHcloud underscores the need for vigilance in cybersecurity. Regularly updating firmware and software, securing network devices, and responding promptly to security warnings are essential steps in protecting against such devastating attacks.

As technology continues to advance, so do the methods of cybercriminals, making it more important than ever to stay ahead in the cybersecurity game.

Emily Parker
Emily Parker is a seasoned tech consultant with a proven track record of delivering innovative solutions to clients across various industries. With a deep understanding of emerging technologies and their practical applications, Emily excels in guiding businesses through digital transformation initiatives. Her expertise lies in leveraging data analytics, cloud computing, and cybersecurity to optimize processes, drive efficiency, and enhance overall business performance. Known for her strategic vision and collaborative approach, Emily works closely with stakeholders to identify opportunities and implement tailored solutions that meet the unique needs of each organization. As a trusted advisor, she is committed to staying ahead of industry trends and empowering clients to embrace technological advancements for sustainable growth.
