Cloudflare said it prevented the biggest distributed denial of service attack (DDoS) in July, which was carried out by Mirai botnet. The attack reached a maximum of 17 million requests per second.
In Q2 2021, Cloudflare handled more than 25 million HTTP requests per second, which means the attack has put an almost double load on its servers.
Cloudflare’s Omer Yoachimik noted that the attack was carried out by a group of bots that were targeting a financial institution customer of Cloudflare. The attack was incredibly successful and hit the Cloudflare edge with over 330 million requests.
The botnet traffic originated from 20,000 bots distributed across 125 countries, according to Yoachimik.
“Based on the bots’ source IP addresses, almost 15% of the attack originated from Indonesia and another 17% from India and Brazil combined. Indicating that there may be many malware infected devices in those countries,” Yoachimik said in an report.
This attack reached 17.2 million rps of traffic and is the largest HTTP DDoS attack ever witnessed by Cloudflare.
Cloudflare has seen this particular botnet several times over the past couple of weeks. It most recently attacked its another client, a hosting provider, with 8 million rps. Two weeks prior to that, Cloudflare fended off “over a dozen UDP and TCP based DDoS attacks that peaked multiple times above 1 Tbps, with a max peak of approximately 1.2 Tbps.”
Customers of Cloudflare who have been targeted included a gaming company and a major APAC-based telecommunications and hosting provider.
The number of attacks conducted by the Mirai botnet has increased significantly despite its shrinking to 28,000 bots from around 30,000 bots.
“These attacks join the increase in Mirari-based DDoS attacks that we’ve observed on our network over the past weeks. In July alone, L3/4 Mirai attacks increased by 88% and L7 attacks by 9%,” Yoachimik said. “Additionally, based on the current August per-day average of the Mirai attacks, we can expect L7 Mirai DDoS attacks and other similar botnet attacks to increase by 185% and L3/4 attacks by 71% by the end of the month.”