Cloudflare said its system was able to thwart the largest DDoS attack reported in July, explaining in a publication that the attack was at 17.2 million requests per second, three times as much as any previously reported.
Cloudflare’s Omer Yoachimik explained that the company serves more than 25 million HTTP requests per second on average in the second quarter of 2021, illustrating the complexity of the attack. He added that the attack was launched by a botnet that targeted a client from Cloudflare’s financial sector. The attack managed to reach Cloudflare’s limit with more than 330 million attack requests per second, he said.
“The attack traffic originated from more than 20,000 bots in 125 countries around the world. Based on the bots’ IP addresses, nearly 15% of the attack originated in Indonesia and another 17% in India and Brazil. Indicating that there may be many devices infected with malware in these countries,” said Yoachimik.
“This 17.2 million rps attack is the largest HTTP DDoS attack Cloudflare has ever seen and is nearly three times the size of any previously reported DDoS HTTP attack. This particular botnet, however, has been seen at least twice in the past few weeks. Last week, it also targeted a different Cloudflare client, a web hosting vendor, with an HTTP DDoS attack that peaked at just under 8 million rps. “
Cloudflare’s customers including a gaming company and a major APAC-based telecommunications and web hosting vendor are being targeted by attacks on the Magic Transit and Spectrum services, as well as the WAF / CDN service.
“These attacks add to the increase in Mirari-based DDoS attacks we’ve seen on our network in recent weeks. In July alone, L3 / 4 Mirai attacks increased by 88% and L7 attacks by 9%,” said Yoachimik.
“As the number of these devices grows, so does the potential army for DDoS attacks,” said Ting.
Yoachimik said his standalone DDoS protection system detected the 17.2 million attack and noted that his system is powered by a denial of service daemon defined by software they call dosd.