Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at just under 2 Tbps, making it one of the largest ever recorded.
The internet company said in a blog post that the attack was launched from approximately 15,000 bots running a variant of the original Mirai code on exploited Internet of Things (IoT) devices and unpatched GitLab instances.
The DDoS attack comes just two weeks after Rapid7 warned of a GitLab vulnerability — rated a full 10.0 on the CVSS severity scale — that could be exploited to allow an attacker to remotely run code, like botnet malware, on an affected server. Rapid7 found that at least half of the 60,000 internet-facing GitLab instances remain unpatched, and warned that it expected “exploitation to increase” as details of the bug became public.
The company wasn’t wrong; Cloudflare said it blocked the massive DDoS attack just one week later. From its analysis of the attack, Cloudflare believes that it was a multi-vector attack that combined DNS amplification attacks with UDP floods.
Cloudflare says the attack, which lasted less than a minute, was the largest it had witnessed to date. It comes just a month after Microsoft said it mitigated a “record-breaking” 2.4 Tbps DDoS attack targeting one of its Azure customers in Europe.
While Cloudflare mitigated the attack in seconds, it warns that it witnessed multiple terabit-strong DDoS attacks last month, adding that the trend is unlikely to slow down any time soon.
“Another key finding from our Q3 DDoS Trends report was that network-layer DDoS attacks actually increased by 44% quarter-over-quarter,” said Omer Yoachimik, product manager at Cloudflare. “While the fourth quarter is not over yet, we have, again, seen multiple terabit-strong attacks that targeted Cloudflare customers.”
Rapid7 has urged GitLab users to update to the latest version of GitLab as soon as possible. “In addition, ideally, GitLab should not be an internet-facing service,” the company added. “If you need to access your GitLab from the internet, consider placing it behind a VPN.”