Global Secure Layer (GSL) has successfully navigated the turbulent waters of a historic Distributed Denial of Service (DDoS) attack, which targeted a Minecraft gaming server and peaked at an astonishing 3.15 billion packets per second (Gpps) on August 25, 2024. This unprecedented event not only tested GSL’s capabilities but also showcased the evolving landscape of cybersecurity threats.
Unprecedented Scale and Mitigation
The DDoS attack set a new benchmark in packet rate, with a relatively low bitrate of 849 Gbps. Despite the overwhelming scale, GSL’s in-house DDoS management platform, Creatia, seamlessly auto-mitigated the attack in conjunction with their Goliath mitigation system, which spans 33 global points of presence. This strategic deployment proved effective in managing the onslaught.
Reports from GSL confirm that the attack was rigorously verified with tier-one providers and internet exchange operators, ensuring that the reported packet rate was consistent with device telemetry. This incident eclipsed previous records by a factor of 3.2 to 3.5 times, solidifying its status as the largest DDoS attack publicly recorded.
What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!
The Attack’s Evolution
This assault was not an isolated incident; it was preceded by a smaller-scale attack that occurred just a day earlier, targeting a single prefix of the victim. This initial strike peaked at 1.7 Gpps and lasted a mere 20 seconds, but thanks to pre-emptive security measures on Creatia, it did not disrupt the user experience.
The initial attack likely served as reconnaissance, allowing the attackers to identify vulnerabilities before launching their more extensive campaign. The subsequent assault employed a “carpet bomb” strategy, targeting all advertised prefixes of the victim network in a relentless series of attacks, ultimately revealing the full capacity of the botnet at its peak of 3.15 Gpps.
Geographic and Technical Analysis
The origins of the attack were traced to several key regions, with the packet-heavy botnet primarily emerging from Russia, Vietnam, and Korea. In contrast, the volumetric-heavy botnet saw significant traffic from Russia, Ukraine, and Brazil, indicating the involvement of two distinct botnets with varying characteristics.
On the technical front, Korea Telecom was identified as a major contributor to the packet rate volume. Investigations revealed that MAX-G866ac devices, which were vulnerable to CVE-2023-2231, played a significant role in the attack. This vulnerability allows for authentication manipulation, leading to potential remote code execution, underscoring the critical need for timely patching and securing of network devices.
The Role of GSL’s Mitigation Strategies
GSL’s mitigation strategies were instrumental in neutralizing the attack. Within just 15 minutes of the attack’s initiation, the targeted prefixes were reconfigured to a more robust security posture, effectively safeguarding end users from further impact. Although attackers made several attempts at volumetric hits, peaking between 1.1 and 1.5 Tbps, these efforts were also mitigated without affecting customer experience.
Employing a patent-pending heuristics anomaly detection engine, GSL’s system includes full-state tracking capabilities across all scrubbing devices within their network. This advanced technology allows for baseline customer traffic to be sampled and understood prior to an attack reaching the end customer, resulting in mitigation times of less than 100 milliseconds.
The record-breaking attack on the Minecraft server serves as a poignant reminder of the ever-evolving threat landscape in cybersecurity. As attackers refine their methods, the necessity for robust DDoS defenses becomes increasingly paramount. The events surrounding this attack highlight the importance of strategic planning for network border and backbone capacity, as well as a deep understanding of the end customer’s clean traffic profile to maintain a proactive security stance.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial
