Cloudflare mitigated the largest volumetric DDoS attack ever recorded, peaking at 17.2 M rps, affecting servers & resources of the victim...
Cloudflare, one of the most significant web infrastructure and security companies, revealed that it mitigated the largest volumetric Distributed Denial of Service (DDoS) attack ever recorded.
Cloudflare disclosed the incident on the 19th of August, nearly a month after the attack, which affected one of Cloudflare's customers in the financial industry.
According to the company, the attacker used a Mirai botnet that had already infected more than 20,000 devices to flood the customer's network with HTTP requests in order to exhaust and crash the server's resources. In volumetric DDoS attacks, threat actors send as many HTTP requests as possible to the victim's server to use up its CPU and RAM and keep genuine users from reaching the sites they want.
A different, modified variant of the Mirai botnet launched over a dozen UDP- and TCP-based DDoS attacks that peaked above 1 Tbps several times. Both sets of attacks were efficiently mitigated before they had any drastic effects.
Reports from Cloudflare stated that "Earlier this summer, Cloudflare’s autonomous edge DDoS protection systems automatically detected and alleviated a 17.2 million request-per-second (rps) DDoS attack, an attack almost three times larger than any previous one that we are aware of."
The malicious web traffic reached a record peak of 17.2 million requests per second (rps), which is almost three times larger than any other recorded attack. The company stated that the attacker targeted its customers for hours, during which it had to absorb around 330 million fraudulent HTTP requests. The threat actor used the botnet again in the subsequent weeks to target a web hosting provider.
The report published by Cloudflare stated that "Cloudflare serves over 25 million HTTP requests per second on average. This refers to the average rate of legitimate traffic in 2021 Q2. So peaking at 17.2 million rps, this attack reached 68% of our Q2 average rps rate of legitimate HTTP traffic."
Cloudflare is currently tracking the evolution of the Mirai botnet, as it resembles the Mirai IoT malware. After analyzing the IP addresses of the impacted devices, the company concluded that 15% of the attacker’s traffic came from Indonesia and 17% from India and Brazil combined.
Cloudflare's blog post further mentioned that "While the majority of attacks are small and short, we continue to see these types of volumetric attacks emerging more often." The company urged all users to activate cloud-based protection to prevent DDoS attacks.
It is also true that Amazon Web Services mitigated a substantial DDoS attack with bandwidth peaking at 2.3 Tbps, recorded in February 2020.