"Record-Setting DDoS Attack Hits Financial Service Firm"

Cloudflare's autonomous edge distributed denial-of-service (DDoS) protection systems automatically detected and mitigated a 17.2 million request-per-second (RPS) DDoS attack. This attack is said to be nearly three times larger than any previous HTTP DDoS attack. Cloudflare serves more than 25 million HTTP requests per second on average, referring to the average rate of legitimate traffic in the second quarter of 2021. Peaking at 17.2 million RPS, the attack reached 68 percent of Cloudflare's second quarter average RPS rate of legitimate HTTP traffic. According to Cloudflare, the attack traffic came from over 20,000 bots in 125 countries. Almost 15 percent of the attacks came from Indonesia. Another 17 percent of the attacks originated from India and Brazil combined, suggesting that there may be many devices infected with malware in those countries. This attack was executed by a botnet that flooded the Cloudflare edge with over 330 million attack requests, targeting a Cloudflare customer, which is a financial service firm. It is noted that this botnet has been observed at least twice within the past few weeks, with a different Cloudflare customer, a hosting provider, being targeted with an HTTP DDoS attack peaking just below 8 million RPS. Two weeks prior, Cloudflare discovered another attack in which a Mirai-variant botnet launched more than a dozen UDP- and TCP-based DDoS attacks that peaked multiple times above one terabyte, with a maximum peak of about 1.2 Tbps. The Mirai botnet started with about 30,000 bots, then decreased to around 28,000. Although its fleet lost bots, the botnet was still able to generate high volumes of attack traffic for short periods. This article continues to discuss the recent 17.2 million RPS attack launched by 20,000 bots, the resurgence of the Mirai botnet, and other notable DDoS attacks.

BankInfoSecurity reports "Record-Setting DDoS Attack Hits Financial Service Firm"