Cloudflare wards off a 17.2 million rps HTTP DDoS attack, the largest recorded to date.
The company disclosed the attack in a blog post on Thursday. It targeted an unnamed Cloudflare customer in the financial sector last month. Launched from a Mirai botnet, the attack bombarded the Cloudflare edge with over 330 million attack requests, peaking at around 17.2 million requests per second (rps), the highest rate ever recorded for an HTTP DDoS attack.
According to Cloudflare, the attack was almost three times larger than any previously reported HTTP DDoS attack. Volumetric attacks aim to overwhelm the target: at the network layer by saturating its bandwidth, frequently through reflective amplification, and at the application layer, as in this case, by flooding the web server with more HTTP requests than it can handle. An HTTP flood cannot use reflection, because each request requires a completed TCP handshake and therefore a real, non-spoofed source; its volume comes from the size of the botnet instead.
The junk traffic originates from a network of malware-infected systems, such as computers, servers and IoT devices, that the attackers have seized control of and turned into a botnet (Mirai, for example, mainly infects IoT devices). Each bot contributes a modest stream of requests, and the aggregate is directed at the victim.
In the incident disclosed on Thursday, the traffic came from roughly 20,000 bots in 125 countries. Indonesia accounted for about 15% of it, followed by India, Brazil, Vietnam and Ukraine.
To put the figure in perspective, 17.2 million rps is 68% of the average rate of legitimate HTTP traffic Cloudflare processed in Q2 2021, which was about 25 million HTTP rps. For a few seconds, a single attack delivered roughly two-thirds of the company's normal global request load.
Nor is this the first such attack Cloudflare has absorbed on behalf of a customer: earlier, a similar Mirai-based HTTP DDoS attack on a hosting provider peaked just below 8 million rps.
Cloudflare concluded by saying, “While the majority of attacks are small and short, we continue to see these types of volumetric attacks emerging more often. It’s important to note that these volumetric short burst attacks can be especially dangerous for legacy DDoS protection systems or organizations without active, always-on cloud-based protection.”
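Two points in the article deserve a concrete illustration: a botnet flood is made of many sources each sending at a low rate, and a burst lasting only seconds is invisible to protection that samples traffic at coarse intervals. The script below is an added example written for this page; it is not Cloudflare's code and does not use Cloudflare's log schema. It builds a constructed Common Log Format access log (120 seconds of steady traffic from five addresses, plus a three-second flood from 200 bot addresses in the 203.0.113.0/24 documentation range), then compares what a per-second detector sees with what a per-minute average shows. All addresses, thresholds and rates are hypothetical.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format parser (constructed sample format, not Cloudflare's logs).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log():
    """Constructed traffic (hypothetical, not real attack data):
    120 s of legitimate traffic at 5 req/s from 5 client IPs, plus a
    3-second burst (seconds 60-62) of 200 req/s from 200 distinct bot IPs,
    each bot sending only 1 req/s."""
    start = datetime(2021, 8, 19, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for sec in range(120):
        ts = (start + timedelta(seconds=sec)).strftime(TS_FMT)
        for i in range(5):
            lines.append(f'198.51.100.{i + 1} - - [{ts}] "GET /index.html HTTP/1.1" 200 512')
        if 60 <= sec < 63:
            for bot in range(200):
                lines.append(f'203.0.113.{bot + 1} - - [{ts}] "GET /api/login HTTP/1.1" 503 0')
    return lines


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def per_second_counts(lines):
    """Per epoch-second request count and the set of source IPs seen in that second."""
    counts = Counter()
    ips = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ip, ts = parsed
        sec = int(ts.timestamp())
        counts[sec] += 1
        ips[sec].add(ip)
    return counts, ips


def peak_rps(counts):
    """Highest request rate seen in any single second."""
    return max(counts.values()) if counts else 0


def minute_average_rps(counts):
    """Average rps per 60-second bucket, in time order: what a coarse monitor reports."""
    buckets = Counter()
    for sec, n in counts.items():
        buckets[sec // 60] += n
    return [n / 60 for _, n in sorted(buckets.items())]


def max_requests_per_ip_per_second(lines):
    """Worst single-source rate; per-IP rate limiting keys on this value."""
    per_ip_sec = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            ip, ts = parsed
            per_ip_sec[(ip, int(ts.timestamp()))] += 1
    return max(per_ip_sec.values()) if per_ip_sec else 0


def detect_bursts(counts, ips, threshold_rps, min_sources):
    """Seconds where aggregate rps exceeds the threshold AND traffic comes from at
    least min_sources distinct IPs: many low-rate sources is the botnet signature,
    whereas a single hot client would be caught by per-IP limits instead."""
    return sorted(
        sec for sec, n in counts.items()
        if n > threshold_rps and len(ips[sec]) >= min_sources
    )


if __name__ == "__main__":
    log = build_sample_log()
    counts, ips = per_second_counts(log)
    print("peak rps:", peak_rps(counts))                       # 205
    print("per-minute averages:", minute_average_rps(counts))  # [5.0, 15.0]
    print("max rps from one IP:", max_requests_per_ip_per_second(log))  # 1
    print("burst seconds:", detect_bursts(counts, ips, threshold_rps=50, min_sources=50))
```

With a 50 rps threshold the per-second detector flags all three burst seconds, while the per-minute average for the same minute is 15 rps and never crosses the line; per-IP rate limiting sees no address above 1 req/s and is equally blind. That is the gap the closing quote refers to: short, high-volume bursts spread across a large botnet defeat protection that reacts on coarse averages or on individual clients rather than on aggregate per-second load.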