Cloudflare has confirmed that they stopped what they believe to be one of the largest DDoS attacks on record, and quite possibly the largest over HTTPS, which targeted an unnamed cryptocurrency company. The attack was sending 15.3 million requests-per-second, only 1.9 million less than the 17.2 million rps which Cloudflare says is the largest they’ve dealt with. However, this style of DDoS attacks varies from the traditional bandwidth DDoS attack. Volumetric style DDoS attacks are unique in the fact that they directly target the potential victims’ servers instead of simply just taking up bandwidth. The specific attack that was stopped by Cloudflare this month only lasted for around 15 seconds, and the botnet used in the attack included roughly 6,000 individual bots with numerous origin countries. A distribution graph for origin countries can be found below.
HTTPS attacks are typically more expensive due to the cost of acquiring the necessary items to create the secure connection. Cloudflare stated “Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”