Cloudflare reports that it recently stopped the biggest HTTPS DDoS attack that has ever been seen.
Director of Product Omer Yoachimik revealed in a blog post that the company instantly detected and mitigated a 26 million requests per second (RPS) attack against websites of customers on the company's Free plan.
The attackers used hijacked virtual machines and servers, rather than Internet of Things (IoT) devices, to send the malicious traffic, the company claimed.
The company estimates that around five thousand devices were used in the attack, and that each endpoint generated roughly 5,200 RPS at peak.
Expensive attacks
According to the company, this demonstrates how dangerous virtual machines and servers are when used for DDoS attacks, since other, larger botnets cannot generate even a tiny fraction of that power.
Thirty seconds into the attack, the botnet had generated more than 221 million HTTPS requests from more than 1,500 networks located in 121 countries.
Most of the requests came from Indonesia, the US, Brazil, and Russia. A little over 3% of the attack traffic came via Tor nodes.
The top source networks included the French-based OVH (Autonomous System Number 16276), the Indonesian Telkomnet (ASN 713), the US-based iboss (ASN 137922), and the Libyan Ajeel (ASN 37284), the blog also mentions.
Cloudflare further stated that the attack was carried out over HTTPS, which makes it more expensive in terms of required computational resources, because establishing an encrypted TLS connection costs more.
Therefore, it costs more to stop the threat, Cloudflare said. “We’ve experienced massive attacks before over (unencrypted) HTTP, but this one is notable due to the number of resources required to carry out its size,” the blog reads.
Large attacks are growing in both size and frequency, Cloudflare warns. They remain short and fast, however, as threat actors try to cause as much damage as they can without being detected.