Security News > 2022 > June > Cloudflare mitigates record-breaking HTTPS DDoS attack
Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service attack, the largest HTTPS DDoS attack detected to date.
The threat actor behind it likely used hijacked servers and virtual machines seeing that the attack originated from Cloud Service Providers instead of weaker Internet of Things devices from compromised Residential Internet Service Providers.
This is one of several massive volumetric attacks detected by Cloudflare throughout the last several years, with the company recording a short-lived HTTP DDoS attack that peaked at 17.2 million requests per second in August 2021.
The company also mitigated a 15.3 million rps attack in April 2022 that used approximately 6,000 bots to target a Cloudflare customer operating a crypto launchpad. Also noteworthy is that the June and April attacks were volumetric attacks that used gigantic junk requests to exhaust the targeted server's resources and were both carried out over HTTPS. "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Yoachimik explained.
The botnet used in this month's record-high 26 million rps DDoS attack generated over 212 million HTTPS requests within 30 seconds via requests from more than 1,500 networks in 121 countries worldwide.
Microsoft also disclosed that it mitigated in November another massive and record-breaking 3.47 terabits per second DDoS attack that flooded servers used by an Azure customer from Asia with malicious packets.