Cloudflare Detects One of the Largest DDoS Attacks on Crypto Platform — How Bad Was It?

Cloudflare, an internet infrastructure company, announced on Wednesday, April 27, that it has successfully mitigated one of the largest volumetric distributed denial of service (DDoS) attacks ever recorded.


The DDoS Attack

Cloudflare said that earlier this month, it detected and mitigated a 15.3 million request-per-second (RPS) DDoS attack, making it one of the largest HTTPS DDoS attacks to date.

The Record noted that while this wasn't the largest application-layer attack Cloudflare had seen, the company said it was the largest over HTTPS.

"HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it. We've seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale," read the Cloudflare blog.


According to The Record, volumetric DDoS attacks differ from traditional bandwidth DDoS attacks, in which attackers attempt to exhaust and jam the victim's internet connection bandwidth.

Instead, in a volumetric attack, the attackers concentrate on sending as many junk HTTP requests as possible to a victim's server in order to consume valuable server CPU and RAM and prevent legitimate users from accessing the targeted sites.

Who Is the Target of a DDoS Attack?

Cloudflare said that the attack lasted less than 15 seconds and targeted a Cloudflare Professional (Pro) plan customer who was running a crypto launchpad. The company said that crypto launchpads are "used to surface Decentralized Finance projects to potential investors." The attack was carried out by a botnet that Cloudflare has been tracking; the company has seen attacks of as many as 10 million RPS matching the same attack fingerprint.

It's worth noting that the majority of the attacks emanated from data centers. Cloudflare said it is "seeing a big move from residential network Internet Service Providers (ISPs) to cloud compute ISPs."

The company claimed that its customers are safe from this botnet and do not need to take any action. Cloudflare didn't name the botnet.

Where Did the Attack Come From?

According to The Register, the botnet comprised about 6,000 distinct bots from over 1,300 different networks in 112 countries, with Indonesia accounting for about 15% of the traffic.

Russia, Brazil, India, Colombia, and the U.S. were among the other countries that generated the most traffic.

The attacker's purpose is sometimes to extort money from the victim, promising to stop the attack provided the money demanded is paid.

How Did Cloudflare Beat the DDoS Attack?

Cloudflare, as per the report of The Register, was able to defeat the DDoS onslaught thanks to a software-based system that detects and mitigates DDoS attacks throughout the network without the need for human intervention. The system takes traffic samples, analyzes them, and takes action if necessary.

"The analysis is done using data streaming algorithms. HTTP request samples are compared to conditional fingerprints, and multiple real-time signatures are created based on dynamic masking of various request fields and metadata. Each time another request matches one of the signatures, a counter is increased. When the activation threshold is reached for a given signature, a mitigation rule is compiled and pushed inline," Cloudflare said.
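The counting scheme in that quote can be illustrated with a small defender-side sketch. This is an added example, not Cloudflare's code: the request fields, the `asn_type` metadata, the threshold and the minimum-field rule are all assumptions, and the traffic is constructed.

```python
from collections import Counter
from itertools import combinations

# Assumed request fields and tuning values; none of these come from Cloudflare.
FIELDS = ("method", "path", "user_agent", "asn_type")
ACTIVATION_THRESHOLD = 50  # matches in one sampling window before a rule is pushed
MIN_FIELDS = 3             # refuse signatures that mask out too much of the request

def signatures(request):
    """Yield each signature produced by masking out a subset of the fields."""
    for k in range(MIN_FIELDS, len(FIELDS) + 1):
        for kept in combinations(FIELDS, k):
            yield tuple((f, request[f]) for f in kept)

def matches(rule, request):
    """A rule matches when every unmasked field equals the request's value."""
    return all(request[f] == v for f, v in rule)

def analyze(samples, threshold=ACTIVATION_THRESHOLD):
    """Count signature hits over one window and return the activated rules."""
    counters, rules = Counter(), []
    for req in samples:
        if any(matches(r, req) for r in rules):
            continue  # already handled inline by a rule pushed earlier
        for sig in signatures(req):
            counters[sig] += 1
            if counters[sig] >= threshold:
                rules.append(sig)  # stands in for "compiled and pushed inline"
                break
    return rules

def constructed_samples():
    """Constructed traffic: 200 flood requests with unique paths, 40 normal ones."""
    agents = ["Mozilla/5.0 (A)", "Mozilla/5.0 (B)", "Mozilla/5.0 (C)", "Mozilla/5.0 (D)"]
    flood, normal, mixed = [], [], []
    for i in range(200):
        flood.append({"method": "GET", "path": f"/?r={i}",
                      "user_agent": "constructed-bot/1.0", "asn_type": "cloud"})
        mixed.append(flood[-1])
        if i % 5 == 0:
            normal.append({"method": "GET", "path": f"/page/{i % 7}",
                           "user_agent": agents[i % 4], "asn_type": "residential"})
            mixed.append(normal[-1])
    return mixed, flood, normal

if __name__ == "__main__":
    for rule in analyze(constructed_samples()[0]):
        print("mitigation rule:", dict(rule))
```

Because every flood request carries a different path, only the signature with `path` masked out accumulates hits, which is why the masking step matters for randomized request floods.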


© 2024 iTech Post All rights reserved. Do not reproduce without permission.
