"Cloudflare Thwarts Off Record-Breaking HTTPS DDoS Attack"

Cloudflare has announced that it successfully mitigated a 26 million request per second (RPS) Distributed Denial-of-Service (DDoS) attack, which is the most powerful HTTPS DDoS attack to date. The attack originated from Cloud Service Providers instead of weaker Internet of Things (IoT) devices from hacked Residential Internet Service Providers, so the threat actor most likely used hijacked servers and virtual machines. According to Cloudflare, the attacker also used a small but powerful botnet composed of 5,067 machines, each capable of generating about 5,200 RPS at peak. To contrast the size of this botnet, Cloudflare has been tracking another much larger but less powerful botnet of more than 730,000 devices. The larger botnet could not generate over one million RPS. The smaller botnet was, on average, 4,000 times stronger because of its use of virtual machines and servers. This is one of many large-scale volumetric attacks detected by Cloudflare in recent years, including a brief HTTP DDoS attack in August 2021 that reached 17.2 million RPS. In April 2022, Cloudflare also repelled a 15.3 million RPS attack that used 6,000 bots to target a Cloudflare customer running a crypto launchpad. This article continues to discuss Cloudflare's recent mitigation of a record-breaking HTTPS DDoS attack, other large-scale volumetric attacks, and why HTTPS DDoS attacks are expensive.

CyberIntelMag reports "Cloudflare Thwarts Off Record-Breaking HTTPS DDoS Attack"