Cloudflare announced that it had stopped the largest DDoS attack to date, which reached 17.2 million HTTP requests per second, three times the size of other known attacks.
The incident happened last month and targeted one of Cloudflare’s financial customers. According to the company, an unknown attacker used a botnet of 28,000 infected devices to send HTTP requests to the customer’s network.
Based on the IP addresses of the infected devices, Cloudflare experts estimate that 15% of traffic came from Indonesia, with another 17% from India and Brazil.
These attacks are commonly referred to as “volumetric” attacks and differ from classic DDoS attacks in that attackers focus on sending as many unwanted HTTP requests as possible to the victim’s server in order to overload its CPU and RAM, preventing users from using the targeted sites.
Although the attack peaked at 17.2 million requests for only a few seconds, the attacker kept the botnet attacking the victim for hours. As a result, Cloudflare had to process over 330 million unwanted HTTP requests. For Cloudflare, this attack was equal to 68% of the legitimate HTTP traffic the company processed on average in the second quarter of 2021 (about 25 million requests per second).
Moreover, the attacker did not stop after the first incident: in the following weeks, the same botnet carried out two other large-scale attacks, including one that peaked at 8 million requests per second and was aimed at an unnamed hosting provider.
Cloudflare says it is currently tracking the evolution of this botnet, which appears to be based on a modified version of the well-known IoT malware Mirai.