CDN provider Cloudflare revealed that it recently blocked one of the biggest HTTPS DDoS attacks ever seen.
Consisting of 15.3 million requests per second (RPS), the assault isn’t the largest application-layer attack on record, but it’s one of the largest in the HTTPS category.
HTTPS DDoS attacks are typically more expensive and require more computing power because establishing a secure TLS-encrypted connection is more costly, the company explained.
DeFi projects in the crosshairs
The victim was a Cloudflare customer operating a crypto launch pad, which pitches decentralized finance (DeFi) projects to potential investors.
The attack itself lasted about 15 seconds and was launched by a known botnet. Of the 6,000 unique endpoints used in this attack, most came from data centers. The majority (15%) were in Indonesia, with large numbers also from Russia, Brazil, India, Colombia and the United States.
A total of 1,300 different networks were used for the attack. Major networks included German provider Hetzner Online GmbH, Azteca Comunicaciones Colombia, OVH in France, and other cloud providers.
According to recent data from Kaspersky, DDoS attacks have never been more popular, with several records broken in the first quarter of 2022.
The upsurge in attacks has been fueled by the war in Ukraine, as many “hacktivists” have taken up arms to launch attacks on Russian service providers.
The cyber realm has become a veritable battleground in recent years, with nation states stealing sensitive information and government secrets, spying on elected officials, deploying malware against critical infrastructure and running ransomware operations to fund new cyberattacks. .