On Monday, the largest DDoS attack ever recorded was launched, directed at an unnamed customer of security service and content delivery network CloudFlare. Striking at a remarkable 400 Gbps, the attack is a full 33% larger than the previous record-holder, which hit the Spamhaus Project last year.
CloudFlare has not identified the customer targeted in the attacks, however it was made clear that the hackers at work were taking advantage of a security flaw in the Network Time Protocol (NCP), which is typically used to synchronize clocks across computers.
Tweeting about the attack, Cloudflare CEO Matthew Price said that the NTP attacks seen recently were “getting really nasty”; the attacks have become more frequently used in recent months. “Someone’s got a big, new cannon. Start of ugly things to come,” tweet Price, expressing his concern over the power of the attack aimed at the company’s servers.
Last year, internet spam fighting project Spamhaus experienced an attack which peaked at 300 Gbps of unwanted traffic. The attack on Cloudflare far surpassed the previous record-holder, reportedly causing slower internet service in several locations.