The attack clocked at 15.3 million requests per second (rps), making it the largest HTTPS-based distributed denial-of-service (DDoS) attack the company has ever mitigated.
While the attack is not the largest application-layer attack, it is the largest Cloudflare has seen carried out over HTTPS, an encrypted version of the Hypertext Transfer Protocol.
According to Cloudflare, HTTPS DDoS attacks are more complicated and resource-expensive because establishing a secure TLS-encrypted connection requires more computational power.
“It costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale,” Cloudflare’s blog post claims.
For comparison, the largest attack the company has ever seen registered at 17.2 million rps. That attack, however, was HTTP-based. The largest known attack was carried out against the Russian tech firm Yandex and reached 22 million rps.
Cloudflare claims that the HTTPS-based attack targeted a crypto launchpad operator. Crypto launchpads are business incubators that allow blockchain-based projects to raise capital in exchange for perks directed at investors.
The crypto launchpad was attacked using a known botnet that Cloudflare chose not to reveal. According to the blog post, the same botnet has been used in the past to carry out large attacks, some as high as 10 million rps.
Interestingly enough, the attack mostly came from cloud-based data centers. Usually, botnets consist of infected computers operating from residential networks.
Threat actors used close to 6,000 unique bots, with the largest share (15%) of attack traffic originating from Indonesia, followed by Russia, Brazil, India, Colombia, and the United States.
The past year saw several record-breaking attacks, indicating a resurgence of botnet operators.
For example, last November, Cloudflare detected and stopped a multi-vector attack that combined a DNS amplification attack and a UDP flood. Peaking at just under 2 Tbps, it was among the largest ever recorded.
During DDoS attacks, vast numbers of “bots” attack target computers. Hence, many entities are attacking a target, which explains the “distributed” part. The bots are infected computers spread across multiple locations. There isn’t a single host. You may be hosting a bot right now and not even know it.
When DDoS attackers direct their bots against a specific target, it has some pretty unpleasant effects. Most importantly, a DDoS attack aims to trigger a “denial of service” response for people using the target system. This takes the target network offline.
If you’ve repeatedly struggled to access a retail website, you may well have encountered a denial of service. And it can take hours or days to recover from.