Networking, Network Security

MiktroTik-based botnet fuel DDoS attack strength

Share
Feds untether hundreds of routers from Volt Typhoon botnet

BleepingComputer reports that distributed denial-of-service attack sizes have increased since 2023, peaking at 840 million packets per second in April, the highest on record, amid persistently elevated bit rates and packet rates during the past year and a half.

Such a record-breaking DDoS intrusion stemmed from 5,000 source IPs, with most packets originating from U.S.-based MiktroTik Cloud Core Routers, particularly the CCR1036-8G-2S+ and CCR1072-1G-8S+ models, according to a report from OVHcloud, which discovered and averted the attack. MiktroTik devices have also been used in several other high packet rate attacks during the study period, with threat actors believed to be exploiting the "Bandwidth Test" functionality within MikroTik RouterOS. Moreover, researchers said DDoS attacks reaching 2.28 billion packets per second could be deployed by compromising only 1% of the 100,000 internet-exposed MikroTik routers. The findings come after MikroTik devices have been used to support the powerful Meris botnet.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.