IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Cloudflare mitigates biggest ever HTTPS DDoS attack

A botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries

Cloudflare automatically detected and mitigated a 26 million request per second (rps) DDoS attack, which it claims is the largest HTTPS DDoS attack on record.

The attack targeted a customer website using Cloudflare’s Free plan last week, the company revealed. The attack originated mostly from Cloud Service Providers instead of Residential Internet Service Providers, which the company said indicates the use of hijacked virtual machines and powerful servers to generate the attack, instead of much weaker Internet of Things (IoT) devices.

The 26M rps DDoS attack also originated from a small but powerful botnet of 5,067 devices. Each node generated around 5,200 rps at peak. Cloudflare compared this to a larger botnet of 730,000 devices it has been tracking. The larger botnet wasn’t able to generate more than one million requests per second, which is around 1.3 requests per second on average per device for example. On average, the 26M rps botnet was 4,000 times stronger due to its use of virtual machines and servers.

The company added that it’s worth noting the attack was over HTTPS. “HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection,” said Cloudflare. “Therefore, it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”

Within less than 30 seconds, the botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries. The top countries were Indonesia, the United States, Brazil and Russia, with about 3% of the attacks coming through Tor nodes. The top source networks were the French-based OVH, the Indonesian Telkomnet, the US-based iboss, and the Libyan Ajeel.

Related Resource

Understanding the economics of in-cloud data protection

Data protection solutions designed with cost optimisation in mind

Whitepaper cover with title below a gradient orange pixelated banner and text and graph belowFree Download

Cloudflare pointed out that its recent DDoS Trends report shows that most of the attacks are small, like cyber vandalism, However, even small attacks can severely impact unprotected Internet properties. It added that large attacks are growing in size and frequency, but remain short and rapid. Attackers concentrate their botnet’s power to try and wreak havoc with a single quick knockout blow, trying to avoid detection.

The company highlighted some of the record-breaking attacks it witnessed over the past year. In August 2021, it disclosed a 17.2M rps HTTP DDoS attack, and more recently in April 2022, a 15M rps HTTPS DDoS attack.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?

Should you take your password manager off the internet?

28 Jul 2022