Security News

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second distributed denial-of-service attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "Powerful" botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak.

Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service attack, the largest HTTPS DDoS attack detected to date. The threat actor behind it likely used hijacked servers and virtual machines seeing that the attack originated from Cloud Service Providers instead of weaker Internet of Things devices from compromised Residential Internet Service Providers.

At 15.3 million requests-per-second, the DDoS bombardment was one of the largest that the internet infrastructure company has seen, and the largest HTTPS attack on record. Other countries generating the most traffic included Russia, Brazil, India, Colombia and the US. Cloudflare researchers didn't name the botnet but said it was one that they've been watching and had seen attacks as large as 10 million rps that matched the same fingerprint.

Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second distributed denial-of-service attack. "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Cloudflare's Omer Yoachimik and Julien Desgats said.

To protect client data during the ongoing conflicts, Cloudflare has removed all customer encryption keys from data centers located in Ukraine, Russia, and Belarus, and deployed its "Keyless SSL" technology. The second measure is the addition of a forceful configuration on all servers located in Ukraine, Belarus, and Russia, to automatically brick in the case of a power loss or internet connection disruption.

Krazy Glue of the internet Cloudflare has buffed up its email security with the purchase of anti-phishing firm Area 1. Area 1 Security is all about pre-emptively tracking phishing campaigns and preventing customer mailboxes being troubled thanks to its INBOX.CLEAN product.

Cloudflare, an American company focused on web infrastructure and website security, has announced the launch of a new public bug bounty program. "Today we are launching Cloudflare's paid public bug bounty program," said Rushil Shah, a Product Security Engineer at Cloudflare.

Cloudflare is experiencing "Wide-spread" latency issues with their network and services, causing websites to load slowly and customers to experience performance issues accessing the customer dashboard. The issues started at around 3 PM EST and affect sites worldwide, including BleepingComputer.

Cyber insurance premiums are increasing and so is infosec's determination to get a slice of that pie: Cloudflare is partnering with Mandiant, Secureworks, and Crowdstrike in a "Rapid referral" partnership for under-attack companies. The move was announced today as Cloudflare claimed that insurance premiums "Have increased upwards of 50 per cent," with price hikes mainly hitting "The small and medium enterprises that find themselves as the common target for these cyber attacks."

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service attack recorded to date. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests," the company noted, at one point reaching a record high of 17.2 million requests-per-second, making it three times bigger than previously reported HTTP DDoS attacks.