https://therecord.media/cloudflare-says-it-mitigated-a-record-breaking-17-2m-rps-ddos-attack/

Cloudflare says it mitigated a record-breaking 17.2M rps DDoS attack

Catalin Cimpanu
August 19, 2021
Briefs, Technology

[Image credit: Cloudflare]

Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service (DDoS) attack recorded to date.

The attack, which took place last month, targeted one of Cloudflare's customers in the financial industry. Cloudflare said that a threat actor used a botnet of more than 20,000 infected devices to fling HTTP requests at the customer's network in order to consume and crash server resources.

Called a volumetric DDoS, these are different from classic bandwidth DDoS attacks, where threat actors try to exhaust and clog up the victim's internet connection bandwidth. Instead, attackers focus on sending as many junk HTTP requests as possible to a victim's server in order to take up precious server CPU and RAM and prevent legitimate users from using targeted sites.

Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previous volumetric DDoS attack ever reported in the public domain.

We are currently under DDoS and are working to mitigate. Requests reached > 7million/minute at our edge and declining.
-- BitMEX (@BitMEX) August 22, 2018

Cloudflare said that while the attack peaked at 17.2 million rps, the threat actor kept its botnet aimed against its customer for hours, during which time it had to absorb more than 330 million junk HTTP requests.

But the botnet operator did not stop after this initial attack. Cloudflare said the same botnet also carried out two other large-scale attacks in the subsequent weeks, including another that peaked at 8 million rps, aimed at a web hosting provider.

Cloudflare said it's currently tracking the botnet's evolution, which appears to have been built using a modified version of the well-known Mirai IoT malware.

Based on the IP addresses of the infected devices (bots), Cloudflare said that 15% of the attacker's traffic came from Indonesia, while another 17% of the malicious traffic came from India and Brazil combined.

[Image: Cloudflare-DDoS-source. Credit: Cloudflare]

At 17.2 million rps, the attack also accounted for 68% of the legitimate HTTP traffic the company processed during Q2 2021, estimated at 25 million rps.

The biggest bandwidth DDoS attack ever recorded comes at 2.3 terabytes per second (Tbps), recorded by Amazon Web Services in February 2020.

Tags: botnet, Cloudflare, DDoS, Indonesia, Internet, IoT, Mirai, record, volumetric DDoS

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.