NETSCOUT Arbor can confirm a 1.7Tbps DDoS attack against the customer of a USA based service provider has occurred.
NETSCOUT Arbor Confirms 1.7 Tbps DDoS Attack; The Terabit Attack Era Is Upon Us
Put that in perspective
This attack was more than 2X as large as the previous record recorded by our ATLAS global traffic and threat data system. That attack was 650Gbps towards a target in the Brazil games during the summer of 2016.
Why is this significant (from an offensive perspective)
Last week, Akamai confirmed the first ever terabit attack, a 1.3Tbps attack targeting GitHub. Both attacks used the same techniques, memcached services and reflection amplification. Two different terabit attacks in one week is a stark warning to network operators that they need to be prepared for mega attack sizes going forward.
Why is this significant (from a defenders perspective)
It’s a testament to the defence capabilities that this Service Provider had in place to defend against an attack of this nature that no outages were reported because of this. These massive attacks can be defended with best practice defences. It is critical that your DDoS mitigation service provider have sufficient scale and expertise to block attacks of this size. Arbor Cloud, for example, has been sized to over 10x the largest attack seen previously so it is well equipped to handle attacks of this scale. It is critically important for companies to take the necessary steps to protect themselves including implementation of best current practices described in the following Arbor Security Engineering and Response Team (ASERT) blog.
Why do we expect the terabit attack era is upon us?
While the internet community is coming together to shut down access to the many open memcached servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit. In the internet community is able to adjust and make significant progress on memcached servers, we should expect terbit attacks to continue.