Pierluigi Paganini
August 20, 2021
Cloudflare, the web infrastructure and website security company, announced that it has mitigated the largest ever volumetric distributed denial of service (DDoS) attack to date.
Volumetric DDoS attacks are designed to overwhelm internal network capacity and even centralized DDoS mitigation scrubbing facilities with significantly high volumes of malicious traffic. These DDoS attacks attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet.
The attack hit an unnamed customer of the company operating in the financial industry. The company said that the attack took place in July and was launched by a Mirai botnet.
“Earlier this summer, Cloudflare’s autonomous edge DDoS protection systems automatically detected and mitigated a 17.2 million request-per-second (rps) DDoS attack, an attack almost three times larger than any previous one that we’re aware of.” reads a post published by the company. “Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests.”
The malicious traffic reached a record high of 17.2 million requests-per-second (rps), a volume three times bigger than previously reported HTTP DDoS attacks.
Cloudflare reported that the botnet employed in the attack was composed of more 20,000 bots from 125 countries worldwide. The analysis of the bots’ IP addresses revealed that 15% of the attack originated from Indonesia and another 17% from India and Brazil combined.
“Cloudflare serves over 25 million HTTP requests per second on average. This refers to the average rate of legitimate traffic in 2021 Q2. So peaking at 17.2 million rps, this attack reached 68% of our Q2 average rps rate of legitimate HTTP traffic.” continues the report.
In recent weeks, Cloudflare registered another attack from the same Mirai botnet against a hosting provider that peaked at approximately 8 million rps.
Two weeks before, another Mirai-variant botnet launched over a dozen UDP and TCP based DDoS attacks that peaked multiple times above 1 Tbps. One of the targets of the attacks was a major APAC-based Internet services, telecommunications and hosting provider. Another target was a gaming firm.
Both attacks were successfully mitigated.
“While the majority of attacks are small and short, we continue to see these types of volumetric attacks emerging more often. It’s important to note that these volumetric short burst attacks can be especially dangerous for legacy DDoS protection systems or organizations without active, always-on cloud-based protection.” concludes the post. “Furthermore, while the short duration may say something about the botnet’s capability to deliver sustained levels of traffic over time, it can be challenging or impossible for humans to react to it in time. In such cases, the attack is over before a security engineer even has time to analyze the traffic or activate their stand-by DDoS protection system. These types of attacks highlight the need for automated, always-on protection.”
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, DDoS)
[adrotate banner=”5″]
[adrotate banner=”13″]
