Mirai Botnet caused a record DDoS attack against the Minecraft server

Cloudflare reports having blocked the 2.5 Tbps denial-of-service attack launched by the Mirai botnet

Cloudflare's DDoS attack report lists the Minecraft server attack as the largest to date

The web infrastructure and security company Cloudflare disclosed the record DDoS attack this week. Wynncraft, one of the largest Minecraft servers, was recently hit by a distributed denial-of-service attack.[1] This multi-vector attack lasted for two minutes and consisted of UDP and TCP flood packets attempting to overwhelm the server. The goal was to keep players out of the server.

The attack reached a peak of 26 million rps for around 15 seconds. From the bitrate perspective, this is the most significant attack that Cloudflare researchers have observed.[2] The attack was recorded and handled, and the report states that DDoS[3] attacks have surged recently and that an incident of this size was only reported in 2017, when a nation-state actor managed to control the attack for six months.[4]

Cloudflare's DDoS threat report for Q3 2022 also lists other incidents but notes that this largest attack was launched by a known Mirai botnet variant. The Minecraft servers, where hundreds and thousands of users can play, did not notice the attack since it was mitigated.

Major issues with DDoS attacks

There are other trends in these incidents. Ransom DDoS attacks, in which threat actors demand payment to end the attack, have increased significantly. These attacks have jumped by 67% over the year. Application-layer DDoS attacks, otherwise known as HTTP DDoS attacks, have singled out companies in the US, China, and Cyprus, with various attacks originating from China, India, and the US. The most notable region targeted by these HTTP DDoS attacks is Taiwan, which faced an increase of 200% compared to the last quarter. Japan was targeted 105% more than last quarter.

DDoS attacks commonly target the gaming industry, and their volume was significantly affected by the comeback of the Mirai botnet.[5] The activity increased four times when compared to Q2 2022. Another significant change that worries cybersecurity researchers is related to the abuse of the BitTorrent protocol. The practice of using these vectors for attacks has increased by more than 1200% quarter to quarter.

Mirai is malware that turns smart devices into remotely controlled bots. These bots form a network called a botnet, which is used for these DDoS attacks against companies, networks, servers, and platforms. This particular piece of malware has been known since 2016, when the initial attacks on websites of security experts were analyzed.

Increase in large-scale attacks

The report from Cloudflare indicates a rise in the number of large-scale DDoS attacks that reach more than 100 Gbps, even though the majority of recorded attacks measure under 500 Mbps. These smaller attacks are called cyber-vandalism acts and are attributed to script kiddies who mainly use DDoS tools and direct attacks against poorly protected targets. These are mainly small companies or websites and platforms.

Over the years, it has become easier, cheaper, and more accessible for attackers and attackers-for-hire to launch DDoS attacks

The duration of these attacks also varies. Many of these incidents are brief and do not take longer than 20 minutes, but a rise in lengthier episodes has been recorded. Increases of 8.6% and 3.2% in attacks lasting longer than an hour and longer than three hours, respectively, show that attack vectors and other techniques allow threat actors to keep access to networks and maintain the outage of servers for longer periods of time.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
