Cloudflare Thwarts One of the Largest DDoS Attacks In Recorded History

essidsolutions

Unpatched GitLab instances discovered just weeks before were used along with compromised bots running the Mirai botnet code to carry out a massive DDoS attack against web infra and security provider Cloudflare. The company successfully mitigated the attack but warned DDoS attacks aren’t going away anytime soon.

Cloudflare said it blocked one of the largest distributed denial of service (DDoS) attacks ever, which leveraged a variant of the original infamous Mirai botnet. Carried out with nearly 15,000 compromised systems or bots, the attack peaked at just under 2 Tbps, effectively making it the fourth largest known DDoS attempt.

Of the top three DDoS attacks, one was launched in 2020 and another in 2021, while the biggest came in 2017 but was revealed only in October 2020. All of these attacks were successfully repelled by the respective companies, all of which are global internet behemoths. The companies that faced the biggest DDoS attacks are:

| Company | Year | DDoS Attack Scale | Compromised Devices Used | No. of Compromised Devices Used |
|---|---|---|---|---|
| Google | 2017 | 2.5 Tbps | CLDAP, DNS, and SMTP servers | 180,000 |
| Microsoft | 2021 | 2.4 Tbps | Unknown | 70,000 |
| AWS | 2020 | 2.3 Tbps | CLDAP web servers | NA |

Lasting just one minute, the incident was a multi-vector attack that combined DNS amplification and UDP floods, according to the web infrastructure, web security, and DDoS mitigation services company.

Source: Cloudflare

A DDoS attack involves spoofed traffic, usually in high volumes, passing through the target’s network infrastructure as well as shared communications protocols and interface methods. It is devised to distract or divert IT defense systems by overwhelming them with enterprise network traffic. DDoS attacks rarely cause data leaks, but they can severely impact the victim organization’s brand value and trust.


“Attacks with high bit rates attempt to cause a denial-of-service event by clogging the Internet link, while attacks with high packet rates attempt to overwhelm the servers, routers, or other in-line hardware appliances. Appliances dedicate a certain amount of memory and computation power to process each packet,” Cloudflare explained in its DDoS Attack Trends report for Q3 2021.

The company added, “Therefore, by bombarding it with many packets, the appliance can be left with no further processing resources. In such a case, packets are “dropped,” i.e., the appliance is unable to process them. For users, this results in service disruptions and denial of service.”
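The distinction drawn above, between attacks that saturate the link and attacks that exhaust per-packet processing, can be checked from flow records, as can the DNS amplification vector mentioned earlier. The following is an added example, not code from Cloudflare or the original article; the record fields, capacity thresholds, and sample flows are constructed assumptions.

```python
from collections import defaultdict

# Assumed capacities for a small site; replace with your real link and appliance limits.
LINK_BPS = 1_000_000_000      # 1 Gbps uplink
APPLIANCE_PPS = 500_000       # packets/second the in-line device can process

# Constructed flow records (not real traffic): one row per flow per second.
FLOWS = [
    {"t": 0, "proto": "tcp", "sport": 443,   "packets": 2_000,   "bytes": 2_000_000},
    {"t": 1, "proto": "tcp", "sport": 443,   "packets": 2_000,   "bytes": 2_000_000},
    {"t": 1, "proto": "udp", "sport": 53,    "packets": 100_000, "bytes": 120_000_000},
    {"t": 2, "proto": "tcp", "sport": 443,   "packets": 2_000,   "bytes": 2_000_000},
    {"t": 2, "proto": "udp", "sport": 40000, "packets": 600_000, "bytes": 38_400_000},
]

def classify(flows, link_bps=LINK_BPS, max_pps=APPLIANCE_PPS):
    """Label each one-second window by which resource inbound traffic threatens."""
    totals = defaultdict(lambda: {"bits": 0, "pkts": 0, "dns_bits": 0})
    for f in flows:
        w = totals[f["t"]]
        w["bits"] += f["bytes"] * 8
        w["pkts"] += f["packets"]
        # Inbound UDP from source port 53 is a DNS response; a flood of them
        # is the signature of DNS amplification/reflection.
        if f["proto"] == "udp" and f["sport"] == 53:
            w["dns_bits"] += f["bytes"] * 8
    labels = {}
    for t, w in sorted(totals.items()):
        found = []
        if w["bits"] * 10 >= link_bps * 8:      # at or above 80% of link capacity
            found.append("high-bit-rate")
        if w["pkts"] * 10 >= max_pps * 8:       # at or above 80% of packet budget
            found.append("high-packet-rate")
        if found and w["dns_bits"] * 2 >= w["bits"]:  # DNS responses dominate
            found.append("dns-amplification-suspected")
        labels[t] = found
    return labels

if __name__ == "__main__":
    for second, found in classify(FLOWS).items():
        print(second, found or ["normal"])
```

The small-packet UDP flood in second 2 uses less than a third of the link yet exceeds the packet budget, which is why bit rate alone is not a sufficient alerting metric.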

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), some tell-tale signs of a DDoS attack are:

  • Exceptionally slow network performance
  • Unavailability of a particular website
  • Inability to access any website

DDoS attacks became prevalent last year as schools and other educational institutions opened virtually at the start of the school year because of COVID-19-mandated shutdowns. For instance, Miami-Dade County Public Schools, the fourth-largest school district in the U.S., was plagued by DDoS attacks in September 2020.

As Cloudflare’s forensics have pointed out, this DDoS attack was launched using IoT devices and unpatched, vulnerable GitLab instances running the Mirai code variant. What’s more, the unpatched remote code execution vulnerability (CVE-2021-22205) in GitLab instances had the highest possible CVSS score of 10.

A thorough analysis by cybersecurity company Rapid7, released on November 1, indicated that 50% of the 60,000 internet-facing GitLab instances were unpatched. It isn’t a stretch to conclude that a significant chunk of those were used in the DDoS attack against Cloudflare.

Moreover, these unpatched GitLab instances could prove to be detrimental to organizations and users in ways much more malicious than DDoS attacks. This includes the introduction of backdoors and other vulnerable functionality into project source code hosted on GitLab.

Experts at Cloudflare believe DDoS attacks aren’t decreasing anytime soon. Quarter-over-quarter, attacks in Q3 2021 increased by 44%. Smaller bitrate attacks have exploded while attacks with larger bit rates continue to grow.

Cloudflare also observed and mitigated HTTP DDoS attacks, terabit-strong network-layer attacks, one of the largest botnets ever deployed (Meris), ransom DDoS attacks on voice over IP (VoIP) service providers and their global network infrastructure in Q3 2021.
