Web-performance firm Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack last week that peaked at 26 million request per second (rps). It was caused by a small but powerful botnet of just 5,067 devices.
This attack didn't originate from compromised low-bandwidth Internet of Things devices like many other DDoS or junk traffic attacks on websites, but rather from cloud service providers, according to Cloudflare.
This attack was over HTTPS, the secure version of the web, similar to a DDoS attack it mitigated in April. As the firm explains, HTTPS DDoS attacks are more computationally expensive for the attacker and victim due to the cost of establishing an encrypted Transport Layer Security (TLS) connection over the internet. Among other things, Cloudflare provides SSL/TLS certificates to website owners.
The attack targeted one customer that used Cloudflare's free plan, which offers DDoS protection, a content delivery network, and an SSL certificate. According to Cloudflare's graph, the attack lasted less than two minutes, climbing to a peak and then fading over the course of 10 seconds.
This "small but powerful" botnet consisted of 5,067 devices, with each node averaging about 5,200 rps. In 30 seconds it generated 212 million HTTPS requests from over 1,500 networks in 120 countries. It was much more powerful than another botnet Cloudflare tracks, which consists of over 730,000 devices and generates an average of just 1.3 rps per device.
"Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers," Cloudflare said.
The top countries where the distributed attack originated were Indonesia, the US, Brazil and Russia.
The last two years have seen multiple record-breaking DDoS attacks. Amazon in June 2020 said it mitigated a 2.3 Terabit per second (Tbps) attack, which was measured in packets per second rather than requests per second for HTTP/S. That DDoS abused the CLDAP (Connection-less Lightweight Directory Access Protocol). Microsoft in January said it mitigated a 3.47 Tbps DDoS attack that used the User Datagram Protocol (UDP) in a "reflection attack". Many of the DDOS attacks are the result of intense rivalry between users of popular online games, according to Microsoft.