{"id":1601,"date":"2025-01-22T11:48:39","date_gmt":"2025-01-22T11:48:39","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1601"},"modified":"2025-01-22T11:48:39","modified_gmt":"2025-01-22T11:48:39","slug":"spooks-of-the-internet-came-alive-this-halloween","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1601","title":{"rendered":"Spooks of the internet came alive this Halloween"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Halloween 2024 made history with a massive spike in distributed denial of service (DDoS) attacks, with one particular assault peaking at over 5 terabits per second (Tbps) of phony traffic.<\/p>\n<p>In its quarterly analysis of <a href=\"https:\/\/www.csoonline.com\/article\/571981\/ddos-attacks-definition-examples-and-techniques.html\">DDoS attacks<\/a>, Cloudflare reported a surge in hyper-volumetric attacks in the fourth quarter of 2024.<\/p>\n<p>\u201cIn the fourth quarter, over 420 of those attacks were hyper-volumetric, exceeding rates of 1 billion packets per second (pps) and 1 Tbps,\u201d Cloudflare researchers said in a blog post. \u201cDuring the week of Halloween 2024, Cloudflare\u2019s DDoS defense systems successfully and autonomously detected and blocked a 5.6 Terabit per second attack\u2013the largest ever reported.\u201d<\/p>\n<p>Hyper-volumetric attacks, the researchers noted, grew by a staggering 1,885% quarter-over-quarter (QoQ).<\/p>\n<h2 class=\"wp-block-heading\">Almost seven million DDoS attacks in the quarter<\/h2>\n<p>Cloudflare says it mitigated 6.9 million DDoS attacks in 2024 Q4, a 16% QoQ increase. 
The number also represented an 83% year-over-year (YoY) increase.<\/p>\n<p>\u201cOf the 2024 Q4 DDoS attacks, 49% (3.4 million) were <a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/layer-3-ddos-attacks\/\" target=\"_blank\" rel=\"noopener\">Layer 3<\/a>\/<a href=\"https:\/\/www.cloudflare.com\/learning\/network-layer\/what-is-the-network-layer\/\" target=\"_blank\" rel=\"noopener\">Layer 4<\/a> DDoS attacks and 51% (3.5 million) were HTTP DDoS attacks,\u201d the post added.<\/p>\n<p>Six percent of the L3\/L4 attacks were attributed to <a href=\"https:\/\/www.csoonline.com\/article\/564711\/the-mirai-botnet-explained-how-teen-scammers-and-cctv-cameras-almost-brought-down-the-internet.html\" target=\"_blank\" rel=\"noopener\">Mirai botnets<\/a>. The largest DDoS attack on record (5.6 Tbps) was launched by a Mirai-variant botnet on October 29. The attack targeted an internet service provider (ISP) in Eastern Asia that is a customer of Cloudflare\u2019s Magic Transit network-layer protection service, and it lasted only 80 seconds.<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3716843\/new-mirai-botnet-targets-industrial-routers.html\" target=\"_blank\" rel=\"noopener\">Recently<\/a>, a new Mirai botnet variant was found being used for <a href=\"https:\/\/www.csoonline.com\/article\/565704\/zero-days-explained-how-unknown-vulnerabilities-become-gateways-for-attackers.html\">zero-day attacks<\/a> on industrial routers. An even newer variant, dubbed Murdoc_Botnet, has been found <a href=\"https:\/\/blog.qualys.com\/vulnerabilities-threat-research\/2025\/01\/21\/mass-campaign-of-murdoc-botnet-mirai-a-new-variant-of-corona-mirai\" target=\"_blank\" rel=\"noopener\">targeting AVTech cameras and Huawei routers<\/a>, using known vulnerabilities for initial access.<\/p>\n<p>Cloudflare\u2019s analysis found that 73% of HTTP DDoS attacks in the quarter were launched by known botnets. 
Most of the remainder were attacks whose traffic impersonated a legitimate browser (11%) or carried suspicious or unusual HTTP attributes (10%).<\/p>\n<h2 class=\"wp-block-heading\">Compromised connected devices were a major attack source<\/h2>\n<p>HTTP requests carrying the HITV_ST_PLATFORM user agent, a string associated with smart TVs and set-top boxes, were almost exclusively (99.9%) part of DDoS attacks during the quarter. \u201cIn other words, if you see traffic coming from the HITV_ST_PLATFORM user agent, there is a 0.1% chance that it is legitimate traffic,\u201d the post noted.<\/p>\n<p>Additionally, the next most commonly used user agents in attack traffic were outdated Chrome versions between 118 and 129; the current Chrome release for all operating systems at the time of writing was 132.<\/p>\n<p>\u201cThreat actors often avoid using uncommon user agents, favoring more common ones like Chrome to blend in with regular traffic,\u201d the researchers said. \u201cThe presence of the HITV_ST_PLATFORM user agent, which is associated with smart TVs and set-top boxes, suggests that the devices involved in certain cyberattacks are compromised smart TVs or set-top boxes.\u201d<\/p>\n<p>The most common HTTP methods in attack traffic were GET (70%), which retrieves data from a server, and POST (27%), which submits data to a server. Indonesia was the leading source of DDoS attacks worldwide, followed closely by Hong Kong, Singapore, and Ukraine. Cloudflare\u2019s customer survey found that targeted customers attributed 40% of DDoS attacks to competitors, 17% to state-sponsored threat actors, and 14% to financially motivated attackers.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Halloween 2024 made history with a massive spike in distributed denial of service (DDoS) attacks, with one particular assault peaking at over 5 terabits per second (Tbps) of phony traffic. 
In its quarterly analysis of DDoS attacks, Cloudflare reported a surge in hyper-volumetric attacks in the fourth quarter of 2024. \u201cIn the fourth quarter, over 420 of [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1602,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1601","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1601"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1601"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1601\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1602"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1601"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
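Added example (not code from the article or from Cloudflare): the user-agent indicators reported above, the HITV_ST_PLATFORM smart-TV/set-top-box user agent and outdated Chrome majors 118 through 129, applied to web server access logs to rank source IPs for rate-limiting or challenging. The log lines, IP addresses (RFC 5737 documentation ranges), indicator names and thresholds are constructed for illustration; a stale Chrome version on its own is weak evidence, so the example scores volume plus indicators per source rather than blocking on a single request.

```python
"""Flag HTTP requests whose User-Agent matches the DDoS indicators from the
Cloudflare Q4 2024 report: the HITV_ST_PLATFORM user agent and stale Chrome
majors 118-129. Added example over a constructed log sample."""
import re
from collections import Counter, defaultdict

# Chrome major versions the report singled out as the most common in attack
# traffic; the current release at the time of writing was 132.
OUTDATED_CHROME_MAJORS = range(118, 130)
SMART_TV_UA_MARKER = "HITV_ST_PLATFORM"

# Apache/Nginx "combined" log format: client, ident, user, [time], "request",
# status, bytes, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
CHROME_RE = re.compile(r"\bChrome/(\d+)\.")


def parse_line(line):
    """Return the fields of one combined-format log line, or None if unparsable."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def chrome_major(ua):
    """Major Chrome version advertised in a User-Agent, or None.
    Edge and other Chromium browsers also carry a Chrome/ token."""
    m = CHROME_RE.search(ua)
    return int(m.group(1)) if m else None


def ua_indicators(ua):
    """Indicator names that apply to a User-Agent string (empty = nothing notable)."""
    reasons = []
    if SMART_TV_UA_MARKER in ua:
        reasons.append("smart_tv_platform")   # 99.9% attack traffic per the report
    major = chrome_major(ua)
    if major is not None and major in OUTDATED_CHROME_MAJORS:
        reasons.append("outdated_chrome")     # stale Chrome majors favoured by bots
    if ua in ("", "-"):
        reasons.append("missing_ua")
    return reasons


def analyze(log_text):
    """Aggregate per source IP: request count, flagged count and indicator tally.
    Also tallies HTTP methods, mirroring the GET/POST split in the report."""
    per_ip = defaultdict(lambda: {"requests": 0, "flagged": 0, "reasons": Counter()})
    methods = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        methods[rec["method"]] += 1
        entry = per_ip[rec["ip"]]
        entry["requests"] += 1
        reasons = ua_indicators(rec["ua"])
        if reasons:
            entry["flagged"] += 1
            entry["reasons"].update(reasons)
    return {"per_ip": dict(per_ip), "methods": methods}


def suspicious_sources(summary, min_requests=2, min_flag_ratio=0.5):
    """IPs worth rate-limiting or challenging: enough requests, mostly flagged.
    Thresholds are illustrative assumptions, not values from the report."""
    out = []
    for ip, e in summary["per_ip"].items():
        if e["requests"] >= min_requests and e["flagged"] / e["requests"] >= min_flag_ratio:
            out.append(ip)
    return sorted(out)


# Constructed sample log (not real data); addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [29/Oct/2024:10:15:01 +0000] "GET / HTTP/1.1" 200 512 "-" "HITV_ST_PLATFORM"
203.0.113.10 - - [29/Oct/2024:10:15:01 +0000] "GET / HTTP/1.1" 200 512 "-" "HITV_ST_PLATFORM"
203.0.113.10 - - [29/Oct/2024:10:15:02 +0000] "POST /login HTTP/1.1" 403 128 "-" "HITV_ST_PLATFORM"
198.51.100.7 - - [29/Oct/2024:10:15:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
198.51.100.7 - - [29/Oct/2024:10:15:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
192.0.2.44 - - [29/Oct/2024:10:15:03 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
192.0.2.45 - - [29/Oct/2024:10:15:04 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
192.0.2.46 - - [29/Oct/2024:10:15:04 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
"""

if __name__ == "__main__":
    s = analyze(SAMPLE_LOG)
    print("methods:", dict(s["methods"]))
    for ip in suspicious_sources(s):
        e = s["per_ip"][ip]
        print(f"{ip}: {e['flagged']}/{e['requests']} flagged, {dict(e['reasons'])}")
```

On the sample, the smart-TV source and the stale-Chrome source are reported while the single request with no user agent is not, because one request never clears the volume threshold; in production the same per-source tally would feed a rate limit or a managed challenge rather than an outright block, since the Chrome indicator alone also matches ordinary users on old browsers.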