15 June 2022

Record-breaking HTTPS DDoS attack generated 26 million request per second


Record-breaking HTTPS DDoS attack generated 26 million request per second

Cloudflare has mitigated a record-breaking HTTPS DDoS attack, an internet infrastructure company said on Tuesday.

The incident occurred last week and was aimed at one of Cloudflare's customers. Using breached servers and virtual machines the threat actor sent 26 million request per second to a victim’s website, which makes the attack the largest HTTPS DDoS attack ever recorded.

According to Cloudflare, the attack originated from a small but powerful botnet of 5,067 devices. On average, each bot generated approximately 5,200 requests per second at peak. Thanks to the use of breached servers and virtual machines, the botnet is 4 thousand times more powerful than the botnet of 730,000 IoT devices. This larger botnet, which was observed by Cloudflare earlier, generated less than one million requests per second, i.e. roughly 1.3 requests per second on average per device.

Within less than 30 seconds, the botnet generated more than 212 million HTTPS requests from over 1,500 networks in 121 countries, including Indonesia, the United States, Brazil and Russia. About 3% of the attack came through Tor nodes.

HTTPS DDoS attacks are more expensive, said the experts. To conduct this type of attack a threat actor needs a lot of computational resources because establishing a secure TLS encrypted connection isn’t cheap. That’s why it costs the attacker more to launch the attack, and for the victim to mitigate it. Cloudflare has seen very powerful attacks in the past over unencrypted HTTP, but this one was exceptional because of the resources it required at its scale.

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024