Cloudflare Mitigates Largest HTTPS DDoS Attack Aimed At A Crypto Company
The internet infrastructure and risk-mitigating company, Cloudflare Inc., reportedly prevented the largest distributed denial of service (DDoS) attack earlier this month, calling it the most volumetric attack the company has recorded to date. The attack in question was aimed at a crypto platform.
The number of requests per second (rps) of the current DDoS attack is recorded at 15.3 million, the highest HTTPS DDoS attack the company detected and mitigated in its history.
Related Reading | Meta (FB) Reports Q1 Loss Of Nearly $3 Billion – What Went Wrong?
Traditional bandwith DDoS attacks differ from such volumetric DDoS attacks in which hackers send thousands of HTTPS requests to the victim’s server to take control of the precious server’s CPU and RAM. And having access to these allows them to stop legitimate users from connecting to targeted sites. Alternatively, Bandwidth DDoS attacks users’ internet connection bandwidth and attempt to clog up and disrupt it.
Cloudflare’s researchers, Omer Yoachimik and Julien Desgats, added,
HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. Therefore it costs the attacker more to launch the attack and for the victim to mitigate it.
Cloudflare publicly reported its previous achievement of preventing a DDoS attack in August 2021. However, the attack recorded 17.2 million HTTP requests per second (rps) which the company called three times larger than the prior attacks that the platform has ever mitigated.
Now, the company announced at the beginning of this month that it had detected another HTTPS attack that targeted a cryptocurrency firm. Around 6000 individual bots launched the attack, located from 112 countries, connected on a botnet.
Cloudflare made it clear noting that it is the largest attack recorded over HTTPS but not the biggest application-layer attack.
Cloudflare’s Data Shows Residential Networks Of ISPs Involved
Cloudflare provided data shows that 15% of the attack originated from Indonesia, followed by Brazil, Russia, India, Colombia, and the United States.
The other worth noting fact driven by the data center of Cloudflare highlights that residential networks of Internet Service Providers (ISPs) make a big move to cloud computing ISPs.
HTTPS DDoS requires a massive collection of computational resources to establish a secure TLS encrypted connection, which requires a higher cost. “Therefore, it costs the attacker more to launch the attack and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.” said the company’s representatives.
Related Reading | UAE Real Estate Giant To Accept Bitcoin, Ethereum As Payment For Posh Abodes
The attacker behind the current HTTPS DDoS attack aimed at a crypto launchpad used to surface “Decentralized Finance projects to potential investors.”
Notably, the attack is detected automatically via Cloudflare’s in-built software-designed system, which runs autonomously across the whole network. Similarly, the software detected and mitigated the attack without the intervention of a human being.
The most extensive bandwidth DDoS attack ever recorded is 2.3 terabytes per second (Tbps), detected by Amazone Web Services in Feb 2020.
Featured image from Pixabay and chart from TradingView.com
