Cloudflare announced on Wednesday that it had taken steps to neutralize a distributed denial-of-service (DDoS) attack at a rate of 15.3 million requests per second (RPS). According to the web infrastructure and website security business, it was one of the “largest HTTPS DDoS attacks on record.”
Cloudflare’s Julien Desgats and Omer Yoachimik said that HTTPS DDoS attacks are far more costly in terms of necessitated computational resources because the cost involved in setting up a secure TLS encrypted connection is higher. As a result, the attacker pays more to initiate the attack, and the victim pays more to neutralize it.
The volumetric DDoS attack reportedly lasted less than 15 seconds and was directed at an undisclosed Cloudflare client running a crypto launchpad. Volumetric DDoS attacks are intended to overwhelm a target network/service with large amounts of malicious traffic, which usually originates from a botnet controlled by a threat actor.
According to Cloudflare, the current attack was launched via a botnet including about 6,000 different infected devices, with Indonesia accounting for 15% of the attack traffic, followed by Russia, Brazil, India, Colombia, and the United States.
“What’s interesting is that the attack mostly came from data centers,” Desgats and Yoachimik noted. “We’re seeing a big move from residential network Internet Service Providers (ISPs) to cloud compute ISPs.”
Record-setting DDoS attacks have become more regular in the past few months. Cloudflare revealed the most significant application-layer attack ever witnessed in August 2021, while Microsoft stated earlier this year that it had thwarted numerous DDoS attacks totaling 2.4 terabits per second (Tbps).