According to Cloudflare, the attacker hijacked virtual machines (VMs) and servers in several countries and turned them into an international botnet, generating 26 million requests per second (rps). Distributed Denial-of-Service (DDoS) is a type of attack where a threat actor inundates a server with traffic from different sources to disrupt a website or online service. This temporarily prevents people from being able to access a website or web-based service.

Record 26M rps Attack

The 26M rps DDoS attack originated from a compact but surprisingly powerful botnet of 5,067 devices, Cloudflare said. According to the company, this botnet is “4,000 times stronger [than others] due to its use of virtual machines and servers.” Cloud-based DDoS attacks are vastly more powerful than those that leverage Internet of Things (IoT) devices, Cloudflare explained. This attack is similar to another one with slightly less oomph (15 million rps) that Cloudflare reported in April. In August 2021, Cloudflare also reported a 17.2M rps DDoS attack.

Attack Launched Over HTTPS

This attack was launched over HTTPS (Hypertext Transfer Protocol Secure), so it must have been a costly operation, as HTTPS requires a secure Transport Layer Security (TLS) connection and additional resources. An HTTPS DDoS attack “costs the attacker more to launch the attack, and for the victim to mitigate it,” Cloudflare added. In less than 30 seconds, the attack leveraged 1,500 networks in 121 countries, including Tor nodes, to generate a formidable 212 million HTTPS requests. The top three source networks that distributed the attack were Cloud Service Providers: France’s OVH, Indonesia’s Telkomnet, and the US’s iBoss.

Cloudflare’s Remarks on the DDoS Threat Landscape

Most DDoS attacks are relatively innocuous and amount to forms of cyber vandalism, but large-scale attacks are increasingly becoming a threat, Cloudflare said. Attackers are now looking to “concentrate their botnet’s power to try and wreak havoc with a single blow.” This speedy approach also allows the threat actor to avoid detection. Swift ‘hit-and-run’ DDoS attacks are hard to detect, but they leave a long-lasting impact. The ramifications of such an attack, like “network and application failure events,” can linger long after the attack is over, Cloudflare said. This can cost organizations their reputation and revenue.

To protect your organization from quick-burst, novel DDoS attacks, Cloudflare recommends an “automated always-on protection service,” which removes the human error component. Cloudflare’s “HTTP DDoS Managed Ruleset” and “autonomous edge DDoS protection system” were instrumental in stopping this record-breaking attack. If you run an organization, and you’re concerned about a DDoS attack overwhelming your servers, consult a Managed Security Service Provider (MSSP).

DDoS attacks can be weaponized to jam and bring down anything from stock exchanges to government defenses, and can even endanger human lives. It is believed that a large-scale DDoS attack was responsible for the shutdown of all Meta platforms late last year.
