Cloudflare signalled a number of massive DDoS attacks in the past quarter. The attacks were mainly aimed at extorting VoIP providers. In addition, security experts note the arrival of a large botnet.

According to Cloudflare’s Q3 DDoS Attack Trends report, the past quarter was dominated by large DDoS attacks. These included both HTTP DDoS attacks and DDoS attacks that targeted underlying network layers.

DDoS attacks are becoming fewer but more significant in volume. While the entire number of DDoS attacks decreased, larger attacks — between 500 Mbps and 10 Gbps — rose significantly in the past quarter.

Attacks on VoIP providers

According to Cloudflare, the increase in the number of DDoS attacks on VoIP providers is striking. Hackers focus mainly on bringing down the SIP infrastructure or trying to hold it hostage. The hackers can then extort the affected VoIP providers. These types of attacks seem to be continuing in the current fourth quarter of this year.

The emergence of the Meris botnet

Another important finding is the emergence of a new powerful botnet, Meris. This botnet consists of hacked IoT devices, IoT products, PCs and Internet-connected home devices, such as cameras, VCRs and televisions.

The Meris botnet is capable of infecting other network devices such as routers and switches, providing it with hefty computing power and data generation capabilities. Said power can cause damage on a much larger scale than, for example, the well-known Mirai botnet. The Mirai botnet only uses the computing power of IoT devices with limited capabilities, such as cameras.

Despite the Meris botnet DDoS attacking a financial institution with 17.2 million requests per second in Q3 2021, the experts note that it has done relatively little damage so far.

Regional differences

Furthermore, Cloudflare researchers found that most DDoS attacks came from China, followed by the United States and India. Companies were most frequently attacked in the United States, but also increasingly in the United Kingdom and Canada. The experts note that more and more companies in the Middle East and Africa are falling victim to large-scale DDoS attacks.

Entities frequently hit by a DDoS attack were software, gambling and gaming companies, as well as other IT and Internet companies, such as the VoIP providers described above.