June 21, 2022

Cloudflare Stops Record DDoS Attack with 26 million rps

Industry: N/A | Level: Strategic | Source: Cloudflare

Cloudflare identified and mitigated a distributed denial-of-service attack amassing a record 26 million requests per second (rps). Details shared by Cloudflare, “The attack targeted a customer website using Cloudflare’s Free plan. Similar to the previous 15M rps attack, this attack also originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things (IoT) devices.” The botnet responsible for the attack was discovered to be compromised of 5,067 devices, and capable of generating an excess of 212 million HTTPS requests within 30 seconds. Requests were generated through 1,500 networks in 121 countries worldwide. The top source by country was Indonesia accounting for over 15% of the traffic followed by the United States, Brazil, and Russia. The usage of HTTPS for the attack is of relevance also as HTTPS requests are more demanding on computational resources for both the attacker and victim due to the need of establishing a TLS encrypted connection.