DDoS attacks can shut down websites and services for hours or even days on end. Last month, a DDoS attack took down the servers running the popular online multiplayer game for almost three days. DDoS attacks attempt to overwhelm a system by flooding it with requests from multiple attack machines.
The most intense DDoS attacks are usually carried out using a network of machines compromised by bad actors to form what’s called a “botnet.” Services such as Cloudflare exist to protect against DDoS attacks by analyzing network traffic and blocking suspicious traffic before it reaches the servers they protect.
Cloudflare occasionally sees record-breaking DDoS attacks. Last year, a nasty botnet known as Mirai reemerged and hit Cloudflare’s data centers with 17.2 million HTTP requests per second (rps), setting a new record. Now Cloudflare says it blocked a DDoS attack earlier this month that reached 15.3 million rps and lasted less than 15 seconds.
While the DDoS attack earlier this month didn’t top the peak rps recorded in last August’s attack, it is notable for being the largest HTTPS attack Cloudflare has ever seen. The record-breaking DDoS attack last August was composed of unencrypted HTTP requests, which are less resource-intensive than encrypted HTTPS requests because each HTTPS connection carries the added cost of establishing a TLS-encrypted session.
This DDoS attack has the same attack fingerprint as others tracing back to a known botnet. The company says previous attacks by this botnet have reached 10 million rps. Cloudflare detected approximately 6,000 unique bots. The attack traffic mostly came from data centers, rather than compromised consumer devices. Over 1,300 different networks were involved in the attack, with the largest share of traffic originating from Indonesia, Russia, and Brazil.
Cloudflare says that the attack targeted a customer running a cryptocurrency launchpad. Such launchpads surface Decentralized Finance (DeFi) projects to potential investors. Fortunately for the customer, Cloudflare was able to block the attack.
Cloudflare’s blog post regarding the incident details how it automatically detected and mitigated this attack.