Largest HTTPS DDoS Attack

Recently, Cloudflare noticed and mitigated a 26 million request per second DDoS attack, the largest HTTPS DDoS attack on record. This attack targeted customer websites using Cloudflare’s free plan.

In this case, the attackers used hijacked servers and virtual machines seeing that the attack originated from Cloud Service Providers instead of weaker Internet of Things (IoT) devices from compromised Residential Internet Service Providers.


Largest HTTPS DDoS Attack

In a recent blog published by Cloudflare mentions that “The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak. To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices.”

The report says the second, larger botnet wasn’t able to generate more than one million requests per second, approximately 1.3 requests per second on average per device. As a result, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.

Record DDoS attack

The company says that this attack was over HTTPS. Generally, HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection.

For the attacker, it costs more to launch the attack, and for the victim to mitigate it.

“We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale”, according to Cloudflare.

The analysis says, within less than 30 seconds, this botnet generated more than 212 million HTTPS requests from over 1,500 networks in 121 countries. The top countries include Indonesia, the United States, Brazil, and Russia. About 3% of the attack came through Tor nodes.

Recent DDoS Trends Report

According to the recent DDoS Trends report, most of the attacks are small, but even small attacks can harshly impact unprotected Internet properties. Alternatively, large attacks are growing in size and frequency but remain short and rapid.

According to Cloudflare, it is recommended to protect the Internet properties with an automated always-on protection service that does not rely on humans to detect and mitigate attacks.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.