iscover
ReporterShare this article on:
Powered by
MOMENTUM
MEDIA
Cloudflare has recorded the largest HTTPS DDoS attack, after it mitigated 26 million requests per second.
The attackers went through hijacked servers and virtual machines after detecting that the attack originated from cloud service providers instead of weaker internet of things (IoT) devices from compromised residential internet service providers according to Cloudflare. At 26 million request per second DDoS attack, it has been observed as the biggest HTTPS DDoS attack on record.
The attack targeted customer websites using Cloudflare's free plan.
"The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices.
"On average, each node generated approximately 5,200 rps at peak.
"To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices," Cloudflare stated on its blog.
The company explained that in less than 30 seconds, the botnet generated more than 212 million HTTPS requests from over 1,500 networks in 121 countries topped by Indonesia, the United States, Brazil, and Russia. A small percentage of 3 per cent of the attack came through Tor nodes.
The report says the second, larger botnet wasn’t able to generate more than one million requests per second, approximately 1.3 requests per second on average per device. On average, this botnet was 4,000 times stronger bolstered by its use of virtual machines and servers.
This attack had been done on HTTPS, Cloudflare added. However, "it costs more to launch the attack, and for the victim to mitigate it".
"HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare stated.
According to the company's DDoS Trends report, DDoS Attack Trends for 2022 - Q1, small attacks can impact heavily on unprotected internet properties while large attacks are growing in size and frequency but remain short and rapid.
"We've seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale," Cloudflare stated.
[Related: Trend Micro to launch automotive cyber security solution]
Be the first to hear the latest developments in the cyber industry.
