Tag Archive for: CloudFlare

Cloudflare DDoS Report Finds Increase in Attack Volume and Duration

/in


Cloudflare released its Distributed Denial of Service (DDoS) Threat Report for the fourth quarter of 2022. The report covers the DDoS attack landscape as detected by the Cloudflare network. HTTP DDoS attacks increased 79% year-over-year with ransom DDoS attacks seeing an increase as well. The report found that longer attacks on increasing especially with network-layer DDoS attacks.

Cloudflare found that attacks exceeding 100 gigabits per second increased by 67% quarter-over-quarter (QoQ). Attacks that lasted longer than three hours also increased by 87% QoQ. Omer Yoachimik, Product Manager at Cloudflare, notes that for HTTP DDoS attacks:

While most of these attacks were small, Cloudflare constantly saw terabit-strong attacks, DDoS attacks in the hundreds of millions of packets per second, and HTTP DDoS attacks peaking in the tens of millions of requests per second launched by sophisticated botnets.

QoQ Change in DDoS attack rates in 2022 Q4 as measured by Cloudflare

QoQ Change in DDoS attack rates in 2022 Q4 as measured by Cloudflare (credit: Cloudflare)

 

In August of 2022, Google claimed that they fended off a DDoS attack that peaked at 46 million requests per second. Emil Kiner, Senior Product Manager at Google, and Satya Konduru, Engineering Lead at Google, put the scale of the attack into perspective:

To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.

Yoachimik shares that Cloudflare defended an attack against a Korean-based hosting provider that reached one terabyte per second. The attack in question was an ACK flood and was about one minute in duration. An ACK flood attempts to overload a server with TCP ACK packets. The server consumes resources processing the ACK packages preventing it from handling legitimate requests.

Cloudflare found that HTTP DDoS attacks made up 35% of all traffic to Aviation and Aerospace Internet sites. For Education Management companies 92% of traffic was part of network-layer DDoS attacks. Yoachimik also shared that 93% of network-layer traffic to Chinese Internet properties was part of network-layer DDoS attacks.

Ransom DDoS attacks also increased with 16% of…

Source…

Cloudflare highlights DDoS attack trends in latest report

/in


Cloudflare highlights DDoS attack trends in latest report

Cloudflare, the security, performance and reliability company helping to build a better Internet, has announced its 2022 Q3 DDoS report. This report includes insights and trends about the DDoS threat landscape – as observed across the global Cloudflare network.

Multi-terabit strong DDoS attacks have become increasingly frequent. In Q3, Cloudflare automatically detected and mitigated multiple attacks that exceeded 1 Tbps. The largest attack was a 2.5 Tbps DDoS attack launched by a Mirai botnet variant, aimed at the Minecraft server, Wynncraft. This is the largest attack Cloudflare has ever seen from the bitrate perspective. It was a multi-vector attack consisting of UDP and TCP floods. However, Wynncraft – a massively multiplayer online role-playing game Minecraft server where hundreds and thousands of users can play on the same server – didn’t even notice the attack since Cloudflare filtered it out for them.

Geopolitical tensions are reflected in cyberattacks. Cloudflare’s data centres saw attacks targeting Taiwanese companies increase nearly 20x and when looking at the war in Ukraine, the company saw that attacks on Russian websites surged 24x compared to last year.

Highlights of the DDoS Report

General DDoS attack trends

Overall in Q3, Cloudflare has seen:

  • An increase in DDoS attacks compared to last year
  • Longer-lasting volumetric attacks, a spike in attacks generated by the Mirai botnet and its variants
  • Surges in attacks targeting Taiwan and Japan

 

Application-layer DDoS attacks

  • HTTP DDoS attacks increased by 111% YoY but decreased by 10% QoQ
  • HTTP DDoS attacks targeting Taiwan increased by 200% QoQ; attacks targeting Japan increased by 105% QoQ
  • Reports of Ransom DDoS attacks increased by 67% YoY and 15% QoQ

Network-layer DDoS attacks

  • L3/4 DDoS attacks increased by 97% YoY and 24% QoQ
  • In Q3, Cloudflare saw a 4x increase in network-layer DDoS attacks attributed to the Mirai botnet. This underscores why securing IoT devices is critical
  • The gaming/gambling industry was the most targeted by L3/4…

Source…

Mirai Botnet Targeted Wynncraft Minecraft Server, Cloudflare Reports

/in


Performance and security company Cloudflare reported that it stopped a 2.5Tbps distributed denial-of-service (DDoS) attack in Q3 2022 launched by a Mirai botnet against Minecraft server Wynncraft.

The data comes from the company’s latest DDoS Threat Report, which includes insights and trends about the DDoS threat landscape in the third quarter of 2022.

“Multi-terabit strong DDoS attacks have become increasingly frequent. In Q3, Cloudflare automatically detected and mitigated multiple attacks that exceeded 1Tbps,” the company wrote in a blog post on Wednesday.

“The largest attack was a 2.5Tbps DDoS attack launched by a Mirai botnet variant, aimed at the Minecraft server, Wynncraft. This is the largest attack we’ve ever seen from the bitrate perspective.”

According to Cloudflare, the multi-vector attack consisted of UDP and TCP floods. Still, the Wynncraft server infrastructure held and “didn’t even notice the attack” since the security firm filtered it out for them.

“Even with the largest attacks […], the peak of the attacks were short-lived. The entire 2.5Tbps attack lasted about 2 minutes […]. This emphasizes the need for automated, always-on solutions. Security teams can’t respond quickly enough.”

More generally, however, Cloudflare said it noticed a 405% increase in Mirai DDoS attacks compared with the second quarter of 2022, alongside a general increment by other threat actors.

“Attacks may be initiated by humans, but they are executed by bots — and to play to win, you must fight bots with bots,” Cloudflare wrote.

“Detection and mitigation must be automated as much as possible because relying solely on humans puts defenders at a disadvantage.”

Among the most impactful DDoS attacks of the last few months worth mentioning are the August ones against Taiwanese Government sites, the ones targeting UK financial institutions in September and the KillNet ones disrupting the websites of several US airports earlier this month.

Source…

Internet services company Cloudflare blocks Kiwi Farms citing ‘targeted threats’

/in


Internet hosting and security services provider Cloudflare said Saturday that it would block Kiwi Farms, a website associated with harassment campaigns against transgender people.

The announcement puts the future of the fringe internet forum in doubt, though some of its members had already anticipated that Cloudflare could act and began to explore other options.

When attempting to visit Kiwi Farms’ website Saturday evening, an error message appeared that said: “Due to an imminent and emergency threat to human life, the content of this site is blocked from being accessed through Cloudflare’s infrastructure.”

The move comes after Cloudflare became the subject of a pressure campaign by a trans Twitch streamer who has been a target of abuse by Kiwi Farms users.

The streamer, Clara Sorrenti, known to fans as Keffals, responded Saturday in a tweet. “Cloudflare has dropped Kiwi Farms. Our campaign will put out a statement soon,” she said.

Cloudflare CEO Matthew Prince’s announced the move in a blog post and did not mention Sorrenti by name, but said that abuse from Kiwi Farms had intensified in response to her campaign.

“This is an extraordinary decision for us to make and, given Cloudflare’s role as an Internet infrastructure provider, a dangerous one that we are not comfortable with,” Cloudflare’s statement said.

“However, the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before.”

On Friday, NBC News reported that Sorrenti is one of Kiwi Farms’ growing list of targets, and that their harassment techniques could become a playbook against political enemies as the 2024 U.S. presidential election nears.

Kiwi Farms owner Josh Moon did not immediately respond to a request for comment Saturday from NBC News. A post on the Kiwi Farms Telegram account said Cloudflare’s decision was “done without any discussion.”

“The message I’ve received is a vague suspension notice. The message from Matthew Prince is unclear,” the post stated. “If there is any threat to…

Source…