French cloud computing firm OVHcloud announced that it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024, which peaked at 840 million packets per second (Mpps). This surpasses the previous record of 809 Mpps, reported by Akamai during an attack on a large European bank in June 2020.
The 840 Mpps DDoS attack involved a combination of a TCP ACK flood from 5,000 source IPs and a DNS reflection attack using approximately 15,000 DNS servers to amplify the traffic.
“While the attack was distributed worldwide, two-thirds of the total packets entered from just four points of presence, all located in the U.S., with three on the west coast,” OVHcloud noted. “This underscores the adversary’s ability to send a massive packet rate through only a few peerings, which can be very problematic.”
OVHcloud has observed a significant increase in DDoS attacks in both frequency and intensity since 2023, with those exceeding 1 terabit per second (Tbps) becoming a regular occurrence. “In the past 18 months, we’ve seen 1+ Tbps attacks go from being rare to almost daily,” said OVHcloud’s Sebastien Meriot. “The highest bit rate we observed during that period was around 2.5 Tbps.”
Unlike typical DDoS attacks that flood targets with junk traffic to exhaust bandwidth, packet rate attacks overload the packet processing engines of networking devices near the destination, such as load balancers.
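The distinction can be made concrete with an added Python illustration, which is not from OVHcloud or the original report: it turns per-PoP packet and byte counters into packet rate, bit rate and top-four ingress share, then reports which capacity budget is exceeded first. The PoP names, counter values, 64-byte and 1400-byte frame sizes, and both capacity figures are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class PopCounters:
    pop: str      # ingress point of presence (constructed name)
    packets: int  # packets received during the interval
    octets: int   # bytes received during the interval

def assess(samples, interval_s, pps_capacity, bps_capacity, top_n=4):
    """Report rates, ingress concentration, and which capacity budget is exceeded."""
    total_pkts = sum(s.packets for s in samples)
    total_octets = sum(s.octets for s in samples)
    pps = total_pkts / interval_s
    bps = total_octets * 8 / interval_s
    pps_util, bps_util = pps / pps_capacity, bps / bps_capacity
    if pps_util >= 1 and pps_util > bps_util:
        kind = "packet-rate"      # forwarding engine saturates before the links
    elif bps_util >= 1:
        kind = "volumetric"       # links saturate first
    else:
        kind = "within-capacity"
    top = sorted(samples, key=lambda s: s.packets, reverse=True)[:top_n]
    return {
        "pps": pps,
        "bps": bps,
        "avg_packet_bytes": total_octets / total_pkts if total_pkts else 0.0,
        "top_share": sum(s.packets for s in top) / total_pkts if total_pkts else 0.0,
        "top_pops": [s.pop for s in top],
        "kind": kind,
    }

def flood(per_pop_packets, frame_bytes):
    """Build constructed counters: one entry per PoP, fixed frame size."""
    return [PopCounters(f"pop-{i:02d}", n, n * frame_bytes)
            for i, n in enumerate(per_pop_packets)]

INTERVAL_S = 10
PPS_CAPACITY = 500e6  # assumed packet-processing budget (packets/s)
BPS_CAPACITY = 2e12   # assumed link budget (bits/s)

# Constructed samples: 64-byte frames skewed to four PoPs vs. 1400-byte frames spread evenly.
SMALL_PACKETS = flood([1_400_000_000] * 4 + [400_000_000] * 7, 64)
LARGE_PACKETS = flood([203_000_000] * 11, 1400)

if __name__ == "__main__":
    for name, data in (("small", SMALL_PACKETS), ("large", LARGE_PACKETS)):
        r = assess(data, INTERVAL_S, PPS_CAPACITY, BPS_CAPACITY)
        print(f"{name}: {r['pps'] / 1e6:.0f} Mpps, {r['bps'] / 1e9:.0f} Gbps, "
              f"top-4 PoP share {r['top_share']:.0%}, {r['kind']}")
```

With these constructed inputs, the small-frame flood reaches 840 Mpps at only about 430 Gbps, so it exceeds the assumed packet budget while using under a quarter of the assumed link budget.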
Data from OVHcloud indicates a sharp increase in DDoS attacks with packet rates exceeding 100 Mpps during the same period, many originating from compromised MikroTik Cloud Core Router (CCR) devices. Approximately 99,382 MikroTik routers are accessible over the internet, running outdated operating systems and exposing vulnerable administration interfaces. Threat actors are likely exploiting the operating system’s Bandwidth test feature for these attacks.
It’s estimated that hijacking even 1% of these exposed devices into a DDoS botnet could theoretically enable adversaries to launch layer 7 attacks reaching 2.28 billion packets per second (Gpps).
MikroTik routers have previously been used to build potent botnets like Mēris and for botnet-as-a-service operations. “Depending on the number of compromised devices and their actual capabilities, this could signal a new era for packet rate attacks,” said Meriot. “Botnets capable of issuing billions of packets per second could seriously challenge the design and scaling of anti-DDoS infrastructures.”