The DDoS attack originated from 121 countries and was powered by a small botnet of only 5,067 hacked IoT devices.
Cloudflare has reported stopping a record-breaking HTTPS DDoS attack (distributed denial of service attack) this month. The company claims this attack peaked at 26 million requests per second (RPS), making it the largest ever HTTPS DDoS flood recorded.
It is worth noting that in April 2022, Cloudflare reported stopping a similar attack that peaked at 15.3 million rps. The latest attack is significantly larger than the previous one. Cloudflare is an American company that provides DDoS mitigation, an SSL certificate service, and a content delivery network.
An Unusual Attack
Cloudflare’s product manager, Omer Yoachimik, noted that the target was a customer using a Free plan. The previous largest DDoS attack reported by the company was also targeted against one of its customers.
The latest attack is far more unusual than the one it mitigated in April. That’s because of several factors, such as the size and the fact that attackers used junk HTTPS requests.
Moreover, the attack came from Cloud Service Providers instead of Residential ISPs, and virtual servers and machines were hijacked to launch this attack rather than low-bandwidth, infected IoT (Internet of Things) devices.
The company reaffirmed that all the customers using its Free and Pro plans are protected against DDoS and similar attacks regardless of the attack duration or size.
Cloudflare explained that a relatively tiny but powerful botnet was used to carry out this DDoS attack. Surprisingly, the botnet comprised only 5,067 devices. The attack originated from 121 countries, and each node made 5,200 rps at its peak moment.
Within 30 seconds, the botnet generated 212 million requests over 1,500 networks, making it more powerful than other botnets the company has tracked so far, some of which even comprised over 730,000 devices at an average of 1.3 rps per device.
Most requests came from Indonesia, Brazil, the USA, and Russia. In addition, around 3% of the attack was carried over Tor connections. Since the attack involved HTTPS, it cost attackers more money to launch it, and the company bore a massive financial burden for mitigating it.
“HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. Therefore, it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”
Cloudflare – Blog post