Cloudflare says that it recently stopped the largest HTTPS DDoS attack ever seen.
Product Manager Omer Yoachimik revealed in a blog post that the company automatically detected and mitigated a 26 million request-per-second (RPS) attack against a customer website using the company’s Free plan.
Such a powerful attack was made possible thanks to threat actors using hijacked virtual machines and servers, rather than Internet of Things (IoT) devices, to send the malicious traffic, the company said. In total, roughly 5,000 devices were used for the attack, with each endpoint generating roughly 5,200 RPS at peak.
Expensive attacks
This goes to show just how dangerous virtual machines and servers are when used for DDoS attacks, the company says, as other, larger botnets aren’t capable of mimicking a fraction of this power.
Thirty seconds into the attack, the botnet generated more than 212 million HTTPS requests from more than 1,500 networks, located in 121 countries. Most requests came from Indonesia, the US, Brazil, and Russia. Some 3% of the attack came through Tor nodes.
The top source networks include French-based OVH (Autonomous System Number 16276), the Indonesian Telkomnet (ASN 7713), the US-based iboss (ASN 137922) and the Libyan Ajeel (ASN 37284), the blog adds.
Cloudflare also said the attack was over HTTPS, making it more expensive in terms of required computational resources, as establishing a secure TLS encrypted connection costs more. Consequently, it also costs more to mitigate it, Cloudflare said. “We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale,” the blog reads.
Large attacks are growing both in size and in frequency, Cloudflare warns. Still, they remain short and rapid, as threat actors try to wreak as much havoc as possible without being spotted.