UPDATED 20:23 EST / JUNE 14 2022

Cloudflare detects and mitigates largest-ever HTTPS DDoS attack

Content delivery network provider Cloudflare Inc. revealed today that it has detected and mitigated a 26 million-request-per-second distributed denial-of-service attack, the largest such attack on record over HTTPS, a secure way to send data between a web server and a browser.

The strike, which took place last week, targeted a customer website using Cloudflare’s free plan. It originated from cloud service providers rather than residential internet service providers, indicating the use of hijacked virtual machines and servers to generate the attack, as opposed to “internet of things” devices.

The DDoS used a “small but powerful” botnet of 5,067 devices, with each node generating about 5,200 requests per second at the attack’s peak. Omer Yoachimik, product manager at Cloudflare, notes that by contrast, the company has been tracking a much larger but less powerful botnet of more than 730,000 devices that can generate no more than 1 million requests per second, or 1.3 requests per second per device. “Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers,” Yoachimik wrote.

The attack was also carried out over HTTPS. Although HTTPS attacks are not without precedent, they are somewhat rarer because of the expense involved. An HTTPS DDoS attack requires establishing a secure TLS-encrypted connection, which makes the attack more costly for the attacker to launch and for the victim to mitigate.

Although this was a record HTTPS DDoS attack, there have been much larger traditional DDoS attacks, including one that peaked at 809 million packets per second in 2020.

The botnet attack generated more than 212 million HTTPS requests from more than 1,500 networks in 121 countries. The top countries were Indonesia, the U.S., Brazil and Russia. Some 3% of the attacks came via Tor nodes that are used to conceal a user’s location from a destination such as a website or web server.

Yoachimik said that it’s important to understand the attack landscape when thinking about DDoS protection, noting that even small attacks can severely hurt unprotected internet properties.

“On the other hand, large attacks are growing in size and frequency — but remain short and rapid — and attackers concentrate their botnet’s power to try and wreak havoc with a single quick knockout blow, trying to avoid detection,” he added. “It is recommended to protect your internet properties with an automated always-on protection service that does not rely on humans to detect and mitigate attacks.”
