Record-Breaking 3.15 Billion Packets Per Second DDoS Attack Against Minecraft Server


Global Secure Layer (GSL) successfully mitigated the highest-packet-rate Distributed Denial of Service (DDoS) attack ever recorded.

The attack, aimed at a Minecraft gaming server, reached a staggering peak of 3.15 billion packets per second (Gpps) on August 25, 2024. This article delves into the details of the attack, the mitigation efforts, and the implications for cybersecurity.


DDoS Attack Illustration (source: Global Secure Layer)

Unprecedented Scale and Mitigation

The attack on the Minecraft server was record-breaking in terms of packet rate and demonstrated the effectiveness of GSL’s mitigation strategies.

The peak packet rate of 3.15 Gpps was accompanied by a relatively low bitrate of 849 Gbps. Despite the massive scale, the attack was auto-mitigated by GSL’s in-house DDoS management platform, Creatia, which operates in conjunction with their Goliath mitigation system deployed across 33 global points of presence.

Carpet Bomb attacks aim to flood traffic to all IPs within a victim network subnet to bypass per-destination attack detection. (source: Global Secure Layer)

According to Global Secure Layer (GSL), the attack was meticulously verified with tier-one providers and internet exchange operators, confirming that the reported packet rate matched the device telemetry.

This attack outpaced previous records by a factor of 3.2 to 3.5, making it the largest ever publicly reported.


The Attack’s Evolution

The assault on the Minecraft server was not a singular event. A day before the main attack, the perpetrators launched a smaller-scale assault targeting a single prefix of the victim.

This initial attack peaked at 1.7 Gpps and lasted only 20 seconds. Due to pre-emptive security configurations on Creatia, it did not disrupt end users.

Country and ASN breakdown (source: Global Secure Layer)

The purpose of this initial attack was likely reconnaissance, allowing the attackers to identify potential vulnerabilities before launching a more extensive campaign.

The subsequent attack used a “carpet bomb” strategy, targeting all advertised prefixes of the victim network in a relentless back-to-back campaign. This approach revealed the botnet’s full capacity, peaking at 3.15 Gpps.
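The detection gap that carpet bombing exploits, shown as an added example (not GSL's code and not part of the original article): over constructed flow samples, a per-destination threshold misses traffic spread across a whole subnet, while per-prefix aggregation catches it. The thresholds, the prefixes (documentation ranges) and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds for illustration; not values published by GSL.
PER_DEST_PPS = 100_000       # alert when one destination IP exceeds this rate
PER_PREFIX_PPS = 1_000_000   # alert when a whole prefix exceeds this rate
MIN_SPREAD = 0.5             # ...and at least this share of its addresses is hit

def build_sample_flows():
    """Constructed (destination IP, packets/sec) samples for one interval."""
    carpet = [(f"203.0.113.{i}", 60_000) for i in range(256)]   # spread flood
    single = [("198.51.100.10", 500_000)]                       # classic flood
    normal = [("198.51.100.20", 2_000), ("198.51.100.21", 1_500)]
    return carpet + single + normal

def per_destination_alerts(flows, threshold=PER_DEST_PPS):
    """Classic detection: each destination IP is judged on its own."""
    totals = defaultdict(int)
    for dst, pps in flows:
        totals[dst] += pps
    return sorted(d for d, p in totals.items() if p >= threshold)

def per_prefix_alerts(flows, prefixes, pps_threshold=PER_PREFIX_PPS,
                      min_spread=MIN_SPREAD):
    """Aggregate by advertised prefix and measure how widely traffic is spread."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    pps, dests = defaultdict(int), defaultdict(set)
    for dst, rate in flows:
        addr = ipaddress.ip_address(dst)
        for net in nets:
            if addr in net:
                pps[net] += rate
                dests[net].add(addr)
                break
    alerts = []
    for net in nets:
        spread = len(dests[net]) / net.num_addresses
        if pps[net] >= pps_threshold and spread >= min_spread:
            alerts.append((str(net), pps[net], round(spread, 2)))
    return alerts

if __name__ == "__main__":
    flows = build_sample_flows()
    prefixes = ["203.0.113.0/24", "198.51.100.0/24"]
    print("per-destination:", per_destination_alerts(flows))
    print("per-prefix:     ", per_prefix_alerts(flows, prefixes))
```

Each address in the carpet-bombed /24 stays under the per-destination threshold, so only the prefix-level view reports it.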

Geographic and Technical Analysis

The attack’s origins were traced to several key regions and networks. The packet-heavy botnet primarily originated from Russia, Vietnam, and Korea, while the volumetric-heavy botnet saw significant traffic from Russia, Ukraine, and Brazil.

This geographic distribution suggests the involvement of two distinct botnets with different characteristics and capabilities.

Top Attack Countries (source: Global Secure Layer)

On the technical side, Korea Telecom was identified as a significant source of the packet rate volume. Investigations revealed that MAX-G866ac devices, vulnerable to CVE-2023-2231, were heavily involved in the attack.

This vulnerability allows for authentication manipulation, leading to remote code execution. It highlights the importance of patching and securing network devices.

The Role of GSL’s Mitigation Strategies

GSL’s mitigation strategies played a crucial role in neutralizing the attack. Within 15 minutes of the attack’s onset, the targeted prefixes were re-configured to a more robust security stance, effectively preventing further impact on the end customer.

The attackers attempted several volumetric hits, peaking between 1.1 and 1.5 Tbps, but these were also mitigated without affecting the customer.

GSL employs a patent-pending heuristics anomaly detection engine, which includes full-state tracking capabilities on all scrubbing devices within their network.

This system allows baseline customer traffic to be sampled and understood before an attack reaches the end customer, resulting in a sub-100 ms mitigation time.

The record-breaking attack on the Minecraft server underscores the evolving threat landscape in cybersecurity. As attackers continue to develop more sophisticated methods, the need for robust DDoS defenses becomes increasingly critical.

The events of this attack highlight the importance of planning for network border and backbone capacity and understanding the end customer’s clean traffic profile to maintain a preemptive security stance.

GSL’s rapid detection and mitigation capabilities position it as an industry leader in handling large-scale DDoS attacks. Its technical expertise and innovative solutions ensure that it remains at the forefront of cybersecurity, ready to tackle the challenges posed by ever-growing cyber threats.

The attack on the Minecraft server is a stark reminder of the potential scale and impact of DDoS attacks. It emphasizes the need for continuous advancements in cybersecurity measures to protect against such formidable threats.
