Cloudflare Stops A Massive Crypto DDoS Attack Peaking At 15M Requests Per Second
Distributed Denial of Service (DDoS) attacks can be debilitating, shutting down websites and services for hours or even days on end. Last month, a DDoS attack took down the servers running the popular online multiplayer game Among Us for almost three days. DDoS attacks attempt to overwhelm a system by flooding it with requests from multiple attack machines. The most intense DDoS attacks are usually carried out using a network of machines compromised by bad actors to form what’s called a “botnet.” Services such as Cloudflare exist to protect against DDoS attacks by analyzing network traffic and roadblocking suspicious traffic before it reaches servers protected by the service.
In the course of providing this protection, Cloudflare occasionally sees record-breaking DDoS attacks. Last summer, a particularly nasty botnet known as Mirai reemerged and hit Cloudflare’s data centers with 17.2 million HTTP requests per second (rps), setting a new record. Now Cloudflare says it blocked a DDoS attack earlier this month that reached 15.3 million rps and lasted less than 15 seconds.
HTTPS requests per second during the time of the attack
While the DDoS attack earlier this month didn’t top the peak rps recorded in last August’s attack, it is notable for being the largest HTTPS attack Cloudflare has ever seen. Hypertext Transfer Protocol Secure (HTTPS) is an encrypted version of HTTP, an internet protocol that facilitates data communication over the web. The record-breaking DDoS attack last August was composed of unencrypted HTTP requests, which are less resource intensive than encrypted HTTPS requests.
HTTPS is encrypted using Transport Layer Security (TLS), and establishing a secure TLS connection requires more computational resources than establishing an insecure connection. Thus, this recent attack is significant because of the immense computational resources required to both carry it out and mitigate it.
According to Cloudflare, this DDoS attack has the same attack fingerprint as other attacks tracing back to a known botnet. The company says previous attacks by this botnet have reached 10 million rps. This time around, Cloudflare detected approximately 6,000 unique bots. Interestingly, the attack traffic mostly came from data centers, rather than compromised consumer devices. Over 1,300 different networks were involved in the attack, with the largest share of traffic originating from Indonesia, Russia, and Brazil.
Cloudflare says that the attack targeted a customer running a cryptocurrency launchpad. Such launchpads function to surface Decentralized Finance (DeFi) projects to potential investors. Fortunately for the customer, Cloudflare was able to successfully block the attack. Cloudflare’s blog post regarding the incident details how it automatically detected and mitigated this attack.