Cloudflare mitigates biggest ever HTTPS DDoS attack

A botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries

Cloudflare automatically detected and mitigated a 26 million request per second (rps) DDoS attack, which it claims is the largest HTTPS DDoS attack on record.

The attack targeted a customer website using Cloudflare’s Free plan last week, the company revealed. The attack originated mostly from Cloud Service Providers instead of Residential Internet Service Providers, which the company said indicates the use of hijacked virtual machines and powerful servers to generate the attack, instead of much weaker Internet of Things (IoT) devices.

The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. Each node generated around 5,200 rps at peak. Cloudflare compared this to a larger botnet of 730,000 devices it has been tracking. That larger botnet wasn’t able to generate more than one million requests per second, which works out to around 1.3 requests per second per device on average. On average, the 26M rps botnet was 4,000 times stronger due to its use of virtual machines and servers.

The company added that it’s worth noting the attack was over HTTPS. “HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection,” said Cloudflare. “Therefore, it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”

In less than 30 seconds, the botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries. The top countries were Indonesia, the United States, Brazil and Russia, with about 3% of the attacks coming through Tor nodes. The top source networks were the French-based OVH, the Indonesian Telkomnet, the US-based iboss, and the Libyan Ajeel.

Cloudflare pointed out that its recent DDoS Trends report shows that most of the attacks are small, like cyber vandalism. However, even small attacks can severely impact unprotected Internet properties. It added that large attacks are growing in size and frequency, but remain short and rapid. Attackers concentrate their botnet’s power to try to wreak havoc with a single quick knockout blow while avoiding detection.

The company highlighted some of the record-breaking attacks it witnessed over the past year. In August 2021, it disclosed a 17.2M rps HTTP DDoS attack, and more recently in April 2022, a 15M rps HTTPS DDoS attack.
