One of the most powerful DDoS attacks ever hit a cryptocurrency platform

A cryptocurrency platform was recently on the receiving end of one of the largest distributed denial-of-service attacks ever recorded, after threat actors hit it with 15.3 million requests, the content delivery network Cloudflare said.

DDoS attacks can be measured in several ways, including by data volume, number of packets, or number of requests sent per second. The current records are 3.4 terabits per second for volumetric DDoS attacks, which try to consume all bandwidth available to the target, 809 million packets per second, and 17.2 million requests per second. The latter two records measure the strength of application-layer attacks, which attempt to deplete the computational resources of the target’s infrastructure.

Cloudflare’s recent DDoS mitigation peaked at 15.3 million requests per second. Despite falling short of the record, the attack could be stronger, because it was sent through HTTPS requests rather than the HTTP requests used in the record attack. Since HTTPS requests require more computation, this new attack had the potential to put much more strain on the target.

The resources required to deliver the flood of HTTPS requests are also larger, indicating that DDoSers are growing stronger. Cloudflare said that the botnet responsible, made up of around 6,000 bots, has delivered payloads as high as 10 million requests per second. The attack originated in 112 countries, with about 15% of the firepower coming from Indonesia, followed by Russia, Brazil, India, Colombia and the United States.

“In those countries, the attack originated in more than 1,300 different networks,” Cloudflare researchers Omer Yoachimik and Julien Desgats wrote. They said that the traffic came mainly from data centers, as DDoSers move from residential network ISPs to cloud ISPs. Leading data center networks involved include German provider Hetzner Online (Autonomous System Number 24940), Azteca Comunicaciones Colombia (ASN 262186) and OVH in France (ASN 16276). Other sources include home and small office routers.

“In this case, the attacker is using compromised servers on cloud hosting providers, some of which appear to be running Java-based applications. This is notable because a recently discovered security vulnerability (CVE-2022-21449) can be used to bypass authentication in a wide range of Java-based applications,” wrote Patrick Donahue, Cloudflare’s Product Manager, in an email. “We also saw a significant number of MikroTik routers used in the attack, potentially exploiting the same vulnerability that the Meris botnet did.”

The attack lasted about 15 seconds. Cloudflare mitigated it using systems in its data center network that automatically detect traffic spikes and quickly filter out the sources. Cloudflare did not identify the target except to say that it operates a cryptocurrency startup, a platform used to help fund decentralized finance projects.

The numbers underscore the arms race between attackers and defenders as each side tries to get ahead of the other. It wouldn’t be surprising if a new record is set in the coming months.

This story originally appeared on Ars Technica.
