Cloudflare has confirmed that it stopped what it believes to be one of the largest DDoS attacks on record, and quite possibly the largest over HTTPS, which targeted an unnamed cryptocurrency company. The attack sent 15.3 million requests per second (rps), only 1.9 million fewer than the 17.2 million rps attack that Cloudflare says is the largest it has dealt with. However, this style of DDoS attack differs from the traditional bandwidth DDoS attack. Volumetric-style DDoS attacks are unique in that they directly target the potential victims’ servers instead of simply taking up bandwidth. The specific attack that Cloudflare stopped this month lasted only around 15 seconds, and the botnet used in the attack included roughly 6,000 individual bots from numerous origin countries. A distribution graph for origin countries can be found below.
HTTPS attacks are typically more expensive because of the cost of acquiring the resources needed to establish the secure connection. Cloudflare stated, “Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”
No confirmations have been made, but given the resurgence of Emotet and Cloudflare’s comments that the attack came from a botnet it has previously observed, it’s possible there may be a connection. DDoS attacks are hard to prevent, but they are much easier to mitigate if a proper plan is in place. Knowing the network traffic coming into the organization and having a denial-of-service response plan can save a lot of time and effort in the early stages of recovery after an attack.