- Cloudflare mitigated one of the most significant Distributed Denial of Service attacks, at over 15.3 million requests per second.
- This attack is the second largest DDoS attack on the platform after the attack in August 2021.
- Many suspect it to be related to the return of the Emotet botnet.
Cloudflare, an American internet security company, blocked a major attack against a crypto platform. The company announced it on Wednesday, 27th April, but the attack, a 15.3 million rps volumetric Distributed Denial of Service (DDoS) attack, occurred in early April. The target, a “cryptocurrency launchpad” and Cloudflare customer, is used to showcase DeFi projects to prospects and potential investors.
According to Cloudflare, most of the attack traffic originated from data centers worldwide. The massive attack lasted for nearly 15 seconds and was launched from a botnet of more than 6,000 distinct bots. In addition, it originated from over 112 countries across the globe and from more than 1,300 different networks. Some of the leading networks include:
- Telkomnet-AS-AP: Autonomous System Number (ASN) 7713.
- OVH, based in France: ASN 16276.
- Azteca Comunicaciones Colombia: ASN 262186.
- German-based Hetzner Online GmbH: ASN 24940.
Furthermore, the report showed that nearly 15% of the attack originated from Indonesia, the largest originating country. Russia, Brazil, and India, among other countries, were also sources of the attack. Though this isn’t the largest DDoS attack the company has recorded, it’s the biggest HTTPS attack Cloudflare has experienced.
Previous extreme attacks against the network usually occurred via HTTP, which is unencrypted. However, this particular incident stands out because of the resources required at this immense scale.
The Cloudflare team explained that HTTPS attacks are costlier in terms of the computational resources required, because establishing a secure Transport Layer Security (TLS) encrypted connection carries a higher cost. Thus, the attack was more expensive both for the attacker to launch and for the targeted victim to stop.
In addition, Cloudflare declined to comment on whether the attack on its platform was related to the resurgent Emotet botnet. Notably, the Emotet botnet was taken down as a malicious botnet and was even termed the most dangerous malware globally. Moreover, the report shows that the attack came from a botnet the company has been tracking because of previous attacks, and that it matches the attack fingerprint of a similar attack that peaked at 10 million rps.
Volumetric Distributed Denial of Service Implemented Against Cloudflare
Volumetric DDoS attacks overwhelm both centralized DDoS mitigation tools and internal network capacity with massive volumes of malicious traffic. Primarily, volumetric DDoS attacks aim to consume the bandwidth associated with the target. Usually, this bandwidth is within the victim service or network itself, or between the target and the rest of the internet.
There’s a significant distinction between DDoS attacks of this kind and standard bandwidth DDoS attacks, where the assailants focus only on clogging and exhausting the target’s bandwidth. Here, attackers instead flood the victim’s server with malicious HTTPS requests to consume server RAM and CPU, preventing users from accessing the targeted websites.
Cloudflare's Previous Experience with DDoS Attacks
Last August, Cloudflare reported that it had withstood the biggest known DDoS attack, at over 17.2 million rps of junk traffic. The company announced that this figure was nearly three times greater than any prior publicly reported DDoS attack. Early this April, the internet security firm announced that it had blocked an attack aimed at a crypto-based company.
To date, Amazon Web Services holds the record for the largest bandwidth DDoS attack ever known, at 2.3 Tbps (terabits per second). That took place two years ago, in February 2020.