Friday, November 1, 2024
HomeCyber Security News26 Million Request Per Second DDoS Attack Detected - Largest HTTPS DDoS...

26 Million Request Per Second DDoS Attack Detected – Largest HTTPS DDoS Ever Recorded

Published on

Malware protection

For the protection of Cloudflare customers last week, Cloudflare assessed 26 million requests per second and mitigated the attacks as part of a DDoS attack mitigation strategy. 

While this DDoS attack has been registered as the largest HTTPS DDoS attack on record. In this attack, a botnet network consisting of approximately 5,000 devices launched this extreme attack.

During a peak cycle, each node of the cluster generated approximately 5,200 RPS on average. In this case, Cloudflare’s Free plan was used to attack the customer’s website. Cloud service providers were majorly attacked instead of residential internet service providers and this caused most of the damage. 

- Advertisement - SIEM as a Service

Largest HTTPS DDoS Ever Recorded

This could define the size of the attack and suggests that powerful servers and compromised virtual servers have been assaulted badly during the attack.

Here’s what the Cloudflare Product Manager Omer Yoachimik stated:-

“To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices. The latter, larger botnet wasn’t able to generate more than one million requests per second, i.e. roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.”

This is also an example of how the hijacking of cloud resources provides quite a significant power advantage over consumer device technology that is often much weaker, such as IoT devices that have much lower processing power.

Cloudflare has been witnessing record-breaking attacks year after year over the past 12 months. They recently reported a 17.2M RPS HTTP DDoS attack that happened back in August 2021. It is worth mentioning that they recently disclosed 15 megabits per second HTTPS DDoS attack in April. 

With the help of their HTTP DDoS Managed Ruleset, all of the attacks were automatically detected and mitigated. Its own independent edge DDoS protection system provides an edge-based solution for HTTP DDoS managed rule sets.

There were over 212 million HTTPS requests made by this botnet from over 1,500 networks in 121 countries in just less than 30 seconds. Moreover, it has been estimated that approximately 3% of the attacks came from Tor nodes.

Here below we have mentioned all the top countries:-

  • Indonesia
  • The United States
  • Brazil 
  • Russia 

Apart from this, both the attacker and the victim are likely to incur a greater cost when performing DDoS attacks over encrypted connections.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...