Cloudflare explained that it wasn’t the largest application-layer attack but the largest ever noted in the HTTPS category.
Internet infrastructure company Cloudflare has mitigated one of the world’s largest distributed denial-of-service (DDoS) attacks recorded to date. According to Cloudflare’s blog post published on April 27th, the company mitigated a 15.3 million rps (requests per second) DDoS attack earlier in April 2022.
That’s one of the largest HTTPS DDoS attacks recorded so far. It is worth noting that HTTPS DDoS attacks demand more computing power from the devices involved and tend to be more expensive, since establishing a secure TLS-encrypted connection is far costlier than what traditional attacks over unencrypted HTTP require.
“Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale,” Omer Yoachimik and Julien Desgats – Cloudflare
In August 2021, Cloudflare stopped the largest ever recorded DDoS attack involving 1.72 million HTTP rps. This figure was three times larger than all previously registered volumetric DDoS attacks.
Volumetric and Bandwidth Attacks
It is worth noting that volumetric DDoS attacks are different from conventional bandwidth DDoS attacks. In the latter, the attacker tries to exhaust and clog up the internet connection bandwidth of the targeted device.
In contrast, in the former, the attacker focuses on bombarding the victim with as many junk HTTP requests as possible to use up the server's CPU and RAM. Moreover, volumetric DDoS attacks prevent other legitimate users from accessing the website.
Details of the Attack
According to Cloudflare, the victim was its customer using a crypto launchpad that surfaces DeFi (decentralized finance) projects to potential investors. Cloudflare revealed that around 1,300 different networks, including top networks like German provider Hetzner Online GmbH, OVH in France, Azteca Comunicaciones Colombia, and other cloud providers, were used for the attack.
However, the attack lasted less than fifteen seconds and was launched from a botnet comprising 6,000 unique bots originating from 112 countries. 15% of the traffic originated from Indonesia, while the other most prominent countries included Russia, Brazil, India, Colombia, and the USA.
Cloudflare didn’t clarify whether the attack was linked to the Emotet botnet, but it did admit that it came from a botnet they have been tracking lately. Another interesting finding Cloudflare shared is that the attack originated mostly from data centers.