Major DDoS Attack Mitigated by Cloudflare
On Wednesday, Cloudflare announced that it successfully mitigated a staggering distributed denial-of-service (DDoS) attack that peaked at 15.3 million requests per second (RPS). This incident marks one of the most significant HTTPS DDoS attacks recorded to date. Cloudflare, a leader in web infrastructure and security, highlighted the difficulty of defending against such attacks, particularly because TLS-encrypted connections require more computational resources to establish than unencrypted ones.
Omer Yoachimik and Julien Desgats from Cloudflare explained that the economics of HTTPS DDoS attacks pose distinct challenges for both attackers and their victims. Because establishing a secure connection is resource-intensive, launching such an attack costs the attacker significantly more, but serving each of those requests also costs the target more, which makes these attacks particularly demanding for affected organizations to mitigate.
This specific volumetric DDoS attack lasted less than 15 seconds and targeted a Cloudflare customer associated with a cryptocurrency launchpad. Typically, volumetric DDoS attacks are engineered to inundate a target with excessive malicious traffic, often originating from large botnets under the control of threat actors.
Cloudflare further revealed that the attack was predominantly sourced from a botnet of approximately 6,000 unique compromised devices. Notably, 15 percent of the attack traffic originated from Indonesia, with substantial contributions from Russia, Brazil, India, Colombia, and the United States. The origin of the traffic points to a troubling trend: Yoachimik and Desgats remarked on the growing prevalence of attack traffic generated from cloud computing service providers rather than traditional residential Internet Service Providers (ISPs).
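As an added illustration (not Cloudflare's code, and the log records below are constructed, not real traffic), the following Python summarizes a request burst from access-log records in the same terms the figures above use: peak requests per second, burst duration, number of unique sources, and the share of traffic by country and by cloud versus residential ISP networks. The `network` field is assumed to come from an ASN lookup performed elsewhere.

```python
from collections import Counter

# Constructed sample of access-log records (hypothetical, not real traffic).
# Each tuple: (unix second, source IP, source country, network type of the source ASN).
SAMPLE_LOG = [
    (100, "203.0.113.1", "ID", "cloud"),
    (100, "203.0.113.2", "ID", "cloud"),
    (100, "198.51.100.7", "RU", "cloud"),
    (100, "192.0.2.9", "US", "isp"),
    (101, "203.0.113.1", "ID", "cloud"),
    (101, "203.0.113.3", "BR", "cloud"),
    (101, "198.51.100.7", "RU", "cloud"),
    (101, "192.0.2.9", "US", "isp"),
    (101, "192.0.2.10", "IN", "isp"),
    (101, "203.0.113.4", "CO", "cloud"),
    (115, "192.0.2.9", "US", "isp"),  # normal traffic after the burst
]


def requests_per_second(records):
    """Count requests in each one-second bucket."""
    return Counter(second for second, _ip, _cc, _net in records)


def burst_summary(records, rps_threshold):
    """Describe the seconds whose request rate meets the threshold: peak RPS,
    burst duration, unique source count, and where the traffic came from.
    Returns None when no second reaches the threshold."""
    per_second = requests_per_second(records)
    burst_seconds = {s for s, n in per_second.items() if n >= rps_threshold}
    if not burst_seconds:
        return None
    burst = [r for r in records if r[0] in burst_seconds]
    total = len(burst)
    country = Counter(cc for _s, _ip, cc, _net in burst)
    network = Counter(net for _s, _ip, _cc, net in burst)
    return {
        "peak_rps": max(per_second[s] for s in burst_seconds),
        "duration_seconds": max(burst_seconds) - min(burst_seconds) + 1,
        "unique_sources": len({ip for _s, ip, _cc, _net in burst}),
        # Shares are fractions of burst requests, largest country first.
        "country_share": {cc: round(n / total, 3) for cc, n in country.most_common()},
        "cloud_share": round(network["cloud"] / total, 3),
    }


if __name__ == "__main__":
    print(burst_summary(SAMPLE_LOG, rps_threshold=4))
```

On real logs the threshold would be set from the site's normal per-second baseline, and the same summary can be fed into an alert that fires when cloud-origin share or unique-source count departs from that baseline.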
In recent months, record-setting DDoS incidents have seen an alarming rise in frequency. Back in August 2021, Cloudflare identified what it termed the largest application-layer attack to that point. More recently, Microsoft reported thwarting multiple DDoS attacks that exceeded 2.4 terabits per second. Adding to the growing concern, cybersecurity firm Kaspersky noted a dramatic increase in DDoS attacks during the first quarter of 2022—up 4.5 times year-over-year—largely attributed to geopolitical tensions following Russia’s invasion of Ukraine.
Kaspersky highlighted that the dynamic landscape of DDoS attacks in early 2022 was heavily influenced by this geopolitical climate, leading to increased hacktivist activity and the emergence of spontaneous botnets formed by users voluntarily connecting to compromised networks.
For business owners, these developments underscore the critical importance of robust cybersecurity measures and incident response strategies. Understanding the tactics outlined in the MITRE ATT&CK framework can provide valuable insights into possible adversary techniques. In scenarios like this, adversaries may have employed tactics such as initial access and command-and-control activities to compromise devices, which ultimately contributed to the scale of the attack.
As the threat landscape continues evolving, organizations must remain vigilant and proactive in fortifying their defenses against the rising tide of cyber threats. In this particular incident, the blend of sophisticated DDoS tactics and the scale of the response from Cloudflare illustrates the critical need for businesses, especially those within the technology and finance sectors, to prioritize cybersecurity as an essential component of their operational strategy.