In recent months, the Mirai botnet has been used to attack security bloggers, DNS companies, and (accidentally) German routers, gaining most of the DDoS headlines of 2016. But it is not alone.

Cloudfare reports that it has handled over a week of attacks of up to 480Gbps from an as-yet-unamed botnet from an unknown source.

DDoS
– Google/Jigsaw

What shall we call it?

“On November 23, the day before US Thanksgiving, our systems detected and mitigated an attack that peaked at 172Mpps and 400Gbps. The attack started at 1830 UTC and lasted non-stop for almost exactly 8.5 hours stopping at 0300 UTC. It felt as if an attacker ‘worked’ a day and then went home,” Cloudflare CTO John Graham-Cumming wrote in a blog post.

“The very next day the same thing happened again… On the third day the attacker started promptly at 1800 UTC but went home a little early at around 0130 UTC. But they managed to peak the attack over 200Mpps and 480Gbps. And the attacker just kept this up day after day. Right through Thanksgiving, Black Friday, Cyber Monday and into this week. Night after night attacks were peaking at 400Gbps and hitting 320Gbps for hours on end.”

Graham-Cumming added: “Another curiosity with these attacks is that they are not coming from the much talked about Mirai botnet. They are using different attack software and are sending very large L3/L4 floods aimed at the TCP protocol. The attacks are also highly concentrated in a small number of locations mostly on the US west coast.”

Cloudfare said that it mitigated the attack without impact on its customers. As the number and intensity of DDoS attacks rise - particularly with the abundance of poorly secured Internet of Things devices - so too has the need for protection services.

Just last week, Amazon Web Services, world’s largest cloud provider, announced plans for free DDoS protection for all customers, with AWS Shield filtering out 96 percent of attacks.