Cloudflare has reported that it successfully neutralized the largest recorded DDoS attack in history. The attack, a 26 million request per second onslaught, targeted a customer on the Cloudflare free plan. Luckily for the customer, the Cloudflare security system was able to automatically detect and neutralize the threat.
As with a previous 15 million requests per second (rps) attack, which the platform also mitigated successfully, this attack originated not from residential internet service providers but from cloud service providers. As such, it is safe to rule out the relatively weaker Internet of Things (IoT) devices as tools for this sort of attack. Instead, attacks like this are usually indicative of malicious actors hijacking virtual machines and powerful servers capable of generating such large-scale requests.
One Record-Breaking Attack After the Other
In the past year alone, the sophistication of DDoS attacks has increased remarkably. As far back as August 2021, Cloudflare recorded and stopped a 17.2 million rps HTTPS DDoS attack, and another HTTPS attack of 15 million rps was recorded in April 2022.
The 26 million rps attack just announced by the company was said to originate from a group of small but powerful botnets consisting of no fewer than 5,000 devices. Each node generated an average of 5,200 rps at its peak.
Cloudflare’s security system for detecting and mitigating these large-scale HTTP DDoS attacks is its HTTPS DDoS Managed Ruleset, powered by the company’s own automated edge DDoS protection system.
Tracking DDoS Botnets
The company also reported that it has been tracking another, much larger botnet consisting of more than 730,000 devices. That botnet, however, generated only about 1.3 requests per second per device, for a cumulative total of no more than 1 million requests per second.
The 26 million rps DDoS botnet just mitigated was able to generate far more thanks to its use of powerful virtual machines and dedicated servers.
Another point the company emphasized in the report is that these attacks are specifically HTTPS DDoS attacks, which are generally more expensive to perpetrate because of the higher cost of establishing a secure TLS-encrypted connection.
Not only do they cost more for the attackers to launch, they also cost more for the recipient to stop. In less than 30 seconds, the attackers were able to launch more than 212 million HTTPS requests per second, all coming from 121 countries, among which Indonesia, the USA, Russia, and Brazil were the highest sources.
DDoS and a Secure Future for the Internet
Looking at Cloudflare’s DDoS trends report, it is clear that most of the DDoS threat landscape is filled with small-level attacks such as cyber vandalism. Of course, these “small” attacks are more than capable of causing profound consequences.
On the other hand, large-level attacks continue to grow in size and frequency but are carried out quickly.
For a safer internet, it becomes more and more imperative that webmasters and business owners secure their online assets with solid, always-on protection that is self-sufficient and does not require human intervention to prevent and stop attacks in real time.