Cloudflare’s systems recently detected and automatically mitigated a 15.3 million request-per-second (rps) DDoS attack, one of the largest HTTPS DDoS attacks on record, the cybersecurity company announced in a blog post last week.
The attack, which happened in April, was the largest Cloudflare had seen over HTTPS. HTTPS DDoS (Distributed Denial of Service) attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS-encrypted connection, the company explained on its blog. As a result, it costs the attacker more to launch the attack and the victim more to mitigate it. This attack stood out because of the resources it required at its scale.
The attack lasted less than 15 seconds and targeted a Cloudflare customer operating a crypto launchpad. Crypto launchpads are used to surface Decentralised Finance projects to potential investors. The attack was launched by a botnet that Cloudflare has been observing. Large attacks of up to 10M rps matching the same attack fingerprint had previously been observed.
Another interesting point Cloudflare observed was that the attack mostly came from data centres. This was a change from residential network Internet Service Providers (ISPs) to cloud compute ISPs. The attack was launched from a botnet of approximately 6,000 unique bots, originating from 112 countries. Indonesia was responsible for the most traffic, accounting for almost 15% of the attack traffic, followed by Russia, Brazil, India, Colombia and the United States.
Within those countries, the attack originated from over 1,300 different networks. The top networks Cloudflare noted in its blog post included the German provider Hetzner Online GmbH (Autonomous System Number 24940), Azteca Comunicaciones Colombia (ASN 262186), OVH in France (ASN 16276), as well as other cloud providers.
The full blog post from Cloudflare is here.