In a recently published report into DDoS threats in Q3 2022, Cloudflare observed that the most forceful attack of the quarter targeted a Minecraft gaming server. An individual or organization launched a 2.5 Tbps DDoS attack via a Mirai botnet variant, aimed at the popular Wynncraft MMORPG Minecraft server.
Cloudflare says that multi-terabit attacks have become more frequent, and its automated content protection and DDoS mitigation services responded to several >1 Tbps attacks in Q3.
Interestingly, the Wynncraft targeted attack was "the largest attack we’ve ever seen from the bitrate perspective" — which leads one to wonder about the motivations behind it. Minecraft is not political, nor does it have anything to do with state security. However, it seems to be a popular DDoS target during tournaments, where rivals are jostling for any possible competitive advantage.
According to Cloudflare, the Wynncraft server attack came form multiple vectors and consisted of UDP and TCP data packet floods. Luckily for Minecraft gamers engrossed at the time of the powerful DDoS attack, Cloudflare’s systems managed to filter out the attack, negating any of its intended impacts.
The report also highlighted some key DDoS trends of the last quarter. Some of the attacks certainly looked political, such as the surges in attacks against Taiwanese and Japanese sites and institutions. (For context, China got pretty upset about US Speaker Nancy Pelosi visiting Taiwan in Q3, and North Korea likes to poke at Japan.)
In good news, ransom attacks (in which attackers offer to scale back DDoS for a fee) appear to be trending down — though September saw a spike. It's possible this has something to do with the reducing value of cryptocurrencies, which is what attackers usually asked to be paid in.
It's also interesting to see the top source countries for DDoS attacks charted. China is a clear leader, despite (or because of?) the government’s iron grip over the internet. “Attack traffic from China-registered IP addresses increased by 29% YoY and 19% QoQ,” according to the Cloudflare post.