Global Secure Layer (GSL) has successfully navigated the turbulent waters of a historic Distributed Denial of Service (DDoS) attack, which targeted a Minecraft gaming server and peaked at an astonishing 3.15 billion packets per second (Gpps) on August 25, 2024. This unprecedented event not only tested GSL’s capabilities but also showcased the evolving landscape of cybersecurity threats.
Unprecedented Scale and Mitigation
The DDoS attack set a new benchmark in packet rate, with a relatively low bitrate of 849 Gbps. Despite the overwhelming scale, GSL’s in-house DDoS management platform, Creatia, seamlessly auto-mitigated the attack in conjunction with their Goliath mitigation system, which spans 33 global points of presence. This strategic deployment proved effective in managing the onslaught.
Reports from GSL confirm that the attack was rigorously verified with tier-one providers and internet exchange operators, ensuring that the reported packet rate was consistent with device telemetry. This incident eclipsed previous records by a factor of 3.2 to 3.5 times, solidifying its status as the largest DDoS attack publicly recorded.
The Attack’s Evolution
This assault was not an isolated incident; it was preceded by a smaller-scale attack that occurred just a day earlier, targeting a single prefix of the victim. This initial strike peaked at 1.7 Gpps and lasted a mere 20 seconds, but thanks to pre-emptive security measures on Creatia, it did not disrupt the user experience.
The initial attack likely served as reconnaissance, allowing the attackers to identify vulnerabilities before launching their more extensive campaign. The subsequent assault employed a “carpet bomb” strategy, targeting all advertised prefixes of the victim network in a relentless series of attacks, ultimately revealing the full capacity of the botnet at its peak of 3.15 Gpps.
Geographic and Technical Analysis
The origins of the attack were traced to several key regions, with the packet-heavy botnet primarily emerging from Russia, Vietnam, and Korea. In contrast, the volumetric-heavy botnet saw significant traffic from Russia, Ukraine, and Brazil, indicating the involvement of two distinct botnets with varying characteristics.
On the technical front, Korea Telecom was identified as a major contributor to the packet rate volume. Investigations revealed that MAX-G866ac devices, which were vulnerable to CVE-2023-2231, played a significant role in the attack. This vulnerability allows for authentication manipulation, leading to potential remote code execution, underscoring the critical need for timely patching and securing of network devices.
The Role of GSL’s Mitigation Strategies
GSL’s mitigation strategies were put to the ultimate test during this unprecedented DDoS attack. Their layered approach, combining Creatia's automated response capabilities with the extensive reach of the Goliath mitigation system, proved to be a robust defense against the evolving threat landscape. This incident not only highlights the importance of advanced cybersecurity measures but also sets a new standard for what is possible in DDoS mitigation.