Minecraft Under Siege: Record-Breaking 3.15 Billion Packet DDoS Attack Marks a New Era of Cyber Threats

Threat Details:

  • Threat Group: Unknown (Utilised multiple botnets)
  • Threat Type: Distributed Denial of Service (DDoS)
  • Exploited Vulnerabilities: Devices vulnerable to CVE-2023-2231 (e.g., DrayTek Vigor routers, Hikvision IP cameras)
  • Malware Used: Not specified, but botnets were leveraged
  • Threat Score: High (9/10) — Due to the unprecedented packet rate and multi-vector approach
  • Last Threat Observation: 25 August 2024 (Reported by Global Secure Layer)

Overview:

In August 2024, a Minecraft server faced an extraordinary Distributed Denial of Service (DDoS) attack that peaked at 3.15 billion packets per second (3.15 Gpps), making it the largest packet-rate DDoS attack ever recorded. Despite the magnitude, the server remained operational thanks to the swift mitigation response from Global Secure Layer (GSL), which used its Goliath DDoS protection platform. This incident highlights the increasing frequency and sophistication of high-packet-rate DDoS attacks, particularly in the gaming sector.

Key Details:

  • Initial Probe: On 24 August 2024, a preliminary attack at 1.7 Gpps was launched to test the network's defences.
  • Main Attack: The full assault occurred on 25 August 2024, deploying a “carpet bombing” tactic that targeted all IPs in the subnet, peaking at 3.15 Gpps. This method aimed to bypass traditional per-destination detection systems.
  • Botnet Source: 42,209 sources across 18 countries were involved, with Russia, Vietnam, and South Korea contributing 42.8% of the traffic. Vulnerable devices, such as routers and cameras, were exploited for this purpose.
  • Mitigation: GSL’s Goliath platform mitigated the attack in under 100 milliseconds, limiting the impact on users.

Attack Vectors:

  1. Carpet Bombing: Attackers flooded multiple IP addresses within the subnet, bypassing traditional DDoS detection systems that focus on individual IPs.
  2. Botnets: Two botnets were identified: one focused on high packet rates, and another on volumetric attacks, which peaked at 1.516 terabits per second (Tbps).
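
Added example (not from GSL or the sources of this article): a minimal sketch of why carpet bombing slips under a per-destination threshold while a per-prefix aggregate catches it. The flow records, the documentation-range addresses and every threshold are constructed assumptions, not values from the incident.

```python
import ipaddress
from collections import defaultdict

def build_sample():
    """Constructed one-second flow summary: (destination IP, packets per second).
    Both prefixes are RFC 5737 documentation ranges, not real targets."""
    flows = [(str(h), 40_000) for h in ipaddress.ip_network("203.0.113.0/24").hosts()]
    flows.append(("198.51.100.10", 60_000))  # one busy but legitimate server
    return flows

def per_destination_alerts(flows, threshold_pps):
    """Per-destination detector: alert when one IP alone exceeds the threshold."""
    totals = defaultdict(int)
    for dst, pps in flows:
        totals[dst] += pps
    return sorted(d for d, t in totals.items() if t > threshold_pps)

def per_prefix_alerts(flows, prefix_len, threshold_pps, min_spread):
    """Prefix detector: alert when the summed rate for a covering prefix is high
    and the traffic is spread over a large share of the prefix's addresses."""
    totals, dests = defaultdict(int), defaultdict(set)
    for dst, pps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += pps
        dests[net].add(dst)
    alerts = []
    for net, total in totals.items():
        spread = len(dests[net]) / net.num_addresses
        if total > threshold_pps and spread >= min_spread:
            alerts.append((str(net), total, round(spread, 2)))
    return sorted(alerts)

if __name__ == "__main__":
    flows = build_sample()
    # Assumed thresholds: 100 kpps per host, 1 Mpps per /24 with >= 50% of hosts hit.
    print("per-destination:", per_destination_alerts(flows, 100_000))
    print("per-prefix:     ", per_prefix_alerts(flows, 24, 1_000_000, 0.5))
```

In the constructed sample no single address exceeds the per-host limit, yet the /24 as a whole receives more than 10 million packets per second, so only the prefix-level check raises an alert.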

Known Indicators of Compromise (IoCs):

  • Affected Devices: Devices such as DrayTek Vigor routers and Hikvision IP cameras (linked to CVE-2023-2231).
  • Source Countries: Russia, Vietnam, South Korea, Taiwan.

Mitigation and Prevention:

  1. Preemptive Security Configurations: Deploy strong, pre-configured security measures to handle attacks before they escalate.
  2. Network Segmentation: Isolate critical services to minimise the effects of broad, subnet-level attacks.
  3. DDoS Protection Solutions: Use advanced DDoS protection platforms like GSL’s Goliath, which offers automated, rapid-response mitigation.
  4. Regular Patching: Ensure all internet-connected devices are patched and updated regularly to avoid known vulnerabilities being exploited.

How to Update DrayTek Router Firmware

  1. Download the Latest Firmware:
    • Visit the official DrayTek website and navigate to the "Support" or "Downloads" section.
    • Select your router model and download the latest firmware version available for your device.
  2. Log in to the Router Admin Interface:
    • Open a web browser and type the router’s IP address (usually 192.168.1.1) into the address bar.
    • Enter the administrator username and password to access the router's settings.
  3. Backup Configuration:
    • Before performing the update, it’s a good idea to back up your current settings. In the admin panel, navigate to System Maintenance > Configuration Backup and save the current configuration.
  4. Upload the New Firmware:
    • In the admin interface, go to System Maintenance > Firmware Upgrade.
    • Click on Choose File or Browse, and select the firmware file you downloaded from DrayTek's website.
    • Click Upgrade and confirm your action. The router will start the firmware update process.
  5. Wait for the Update to Complete:
    • The update process will take a few minutes. Do not turn off the router or disconnect it from the power during this time.
    • Once the update is complete, the router will automatically reboot.
  6. Restore Configuration (if necessary):
    • If required, you can restore the previously saved configuration by navigating to System Maintenance > Configuration Backup and uploading the saved backup file.
  7. Verify the Firmware Update:
    • After the router restarts, log back into the admin panel.
    • Go to System Maintenance > System Status to verify that the new firmware version is installed.

For further details and firmware downloads, visit the official DrayTek Support page.

Conclusion:

The record-breaking DDoS attack on this Minecraft server signals a growing trend in high-packet-rate attacks. As IoT devices continue to be exploited, robust automated defence mechanisms are increasingly crucial. The ability to respond quickly and efficiently to such attacks will be vital in maintaining secure online infrastructures, especially in industries like gaming, which are frequent targets of DDoS threats.

