Content delivery network provider Cloudflare Inc. today revealed that it successfully detected and mitigated a distributed denial of service attack of 26 million requests per second, the largest such attack ever recorded for HTTPS, a secure way to send data between a web server and a browser.
The strike, which took place last week, targeted a customer website using Cloudflare’s free plan. It came from cloud service providers rather than home internet service providers, indicating the use of virtual machines and hacked servers to generate the attack, as opposed to “Internet of Things” devices.
The DDoS involved the use of a “small but mighty” botnet of 5,067 devices, with each node generating around 5,200 requests per second at the height of the attack. Omer Yoachimik, product manager at Cloudflare, notes that in contrast, the company has tracked a much larger but less powerful botnet of over 730,000 devices that cannot generate more than 1 million requests per second, or 1.3 requests per second per device. “Clearly, this botnet was, on average, 4,000 times more powerful due to its use of virtual machines and servers,” Yoachimik wrote.
The attack was also notable for running over HTTPS. Although HTTPS attacks are not unprecedented, they are somewhat rarer due to the expense involved. An HTTPS DDoS attack requires establishing a secure, TLS-encrypted connection, which makes the attack more costly for the attacker to launch and for the victim to mitigate.
Although this was a record HTTPS DDoS attack, there have been many more traditional DDoS attacks, including an attack peaking at 809 million packets per second in 2020.
The botnet attack generated over 212 million HTTPS requests from over 1,500 networks in 121 countries. The main countries were Indonesia, the United States, Brazil and Russia. About 3% of the attack came through Tor nodes, which are used to conceal a user’s location from a destination such as a website or web server.
Yoachimik said it’s important to understand the attack landscape when thinking about DDoS protection, noting that even small attacks can severely harm unprotected Internet properties.
“On the other hand, large-scale attacks increase in size and frequency, but remain short and quick – and attackers focus their botnet’s power in an attempt to wreak havoc with a single quick knockout blow, trying to avoid detection,” he added. “It is recommended that you protect your Internet properties with an always-on, automated protection service that does not rely on humans to detect and mitigate attacks.”