Cloudflare, an Internet infrastructure company, last week recorded the largest HTTPS DDoS attack to date, peaking at 26 million requests per second (rps). The attackers targeted the website of an unnamed Cloudflare customer on the company's free plan.
The attack came mainly from cloud service providers rather than residential ISPs, which the company said indicates that the attackers used hijacked virtual machines and powerful servers instead of much weaker Internet of Things (IoT) devices.
The 26 million rps attack came from a small but powerful botnet of 5,067 devices. Each node generated about 5,200 requests per second at peak. Cloudflare compared it to a larger botnet of 730,000 devices that it had tracked previously. That larger botnet could not generate more than one million requests per second, or about 1.3 requests per second per device on average. By that measure, each device in the 26 million rps botnet was on average 4,000 times more powerful, owing to the use of virtual machines and servers.
The company also noted that the attack was carried out over HTTPS. “HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection,” said Cloudflare. “Therefore, it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”
In less than 30 seconds, the botnet generated more than 212 million HTTPS requests from more than 1,500 networks in 121 countries. The leading source countries included Indonesia, the United States, Brazil and Russia, and about 3% of the attack came via Tor. The main source networks were the French OVH, the Indonesian Telkomnet, the American iboss and the Libyan Ajeel.
Cloudflare said its recent report on DDoS trends shows that most attacks are small, such as cyber vandalism. However, even small attacks can seriously affect unprotected Internet resources. The company added that large attacks are growing in size and frequency but remain short and fast: attackers concentrate the power of their botnet to inflict damage with one quick knockout blow while trying to avoid detection.