Cloudflare noted that it successfully mitigated a 26 million request per second Distributed Denial of Service (DDoS) attack.
Given the volume of requests issued, it is considered the largest HTTPS DDoS attack detected to date.
An unprecedented DDoS attack
The attack reported by Cloudflare happened last week and targeted one of the company's customers, who was using the free plan.
It is estimated that whoever is behind it probably used hijacked servers and virtual machines, since the attack originated from cloud service providers rather than from weaker, compromised Internet of Things (IoT) devices on residential Internet service providers.
According to Cloudflare, the 26 million requests per second DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 requests per second at its peak.
To put the size of this botnet in perspective, Cloudflare points to another much larger, but less powerful, botnet of more than 730,000 devices. That botnet, despite being larger, was not able to generate more than a million requests per second, that is, approximately 1.3 requests per second on average per device.
A fact that deserves separate mention is that this attack was carried out over HTTPS. HTTPS DDoS attacks are more expensive in terms of the computational resources required, due to the higher cost of establishing a secure TLS-encrypted connection.
The type of attack used is usually associated with small actions, such as cyber vandalism. However, even small attacks may be able to strongly affect unprotected Internet properties.
Based on trends spotted by security experts, major attacks are growing in size and frequency, but they remain short and fast. Attackers concentrate the power of their botnet to try to wreak havoc with a single, quick knockout blow, trying to avoid detection.
DDoS attacks can be initiated by humans, but in practice they are machine generated. By the time humans can detect and respond to the attack, it may already be over. Even if the attack was quick, network, system and application failures on the attacked server can persist long after the attack is over, resulting in significant expense and reputational damage.