Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at just under 2 Tbps, making it one of the largest ever recorded.
The internet company said in a blog post that the attack was launched from approximately 15,000 bots running a variant of the original Mirai code on exploited Internet of Things (IoT) devices and unpatched GitLab instances.
The DDoS attack comes just two weeks after Rapid7 warned of a GitLab vulnerability — rated a full 10.0 on the CVSS severity scale — that could be exploited to allow an attacker to remotely run code, like botnet malware, on an affected server. Rapid7 found that at least half of the 60,000 internet-facing GitLab instances remain unpatched, and warned that it expected “exploitation to increase” as details of the bug became public.
The company wasn’t wrong; Cloudflare said it blocked the massive DDoS attack just one week later. From its analysis of the attack, Cloudflare believes that it was a multi-vector attack that combined both …
