Record bot attack thwarted, says Cloudflare


Cybersecurity firm Cloudflare says it has shut down a distributed denial of service (DDoS) attack that marshaled a botnet army of more than 5,000 ‘zombie’ devices to launch a staggering 26 million hostile service requests per second.

The latest attack tops a recent trend of increasingly powerful bot-driven assaults, and was aimed at a client website, mostly using hijacked machines originating from cloud service providers.

“The 26 million rps [requests per second] DDoS attack originated from a small but powerful botnet of 5,067 devices,” said Cloudflare, in what it described as the most powerful HTTPS or encrypted bot attack on record. “On average, each node generated approximately 5,200 rps at peak.”

It said that this contrasted in potency with another much larger but less effective botnet attack on its radar, which consisted of 730,000 zombie machines that each managed just 1.3 rps.

“This botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers,” said Cloudflare. “Over the past year, we’ve witnessed one record-breaking attack after the other.”

In August 2021, the firm identified a 17.2 million rps attack, followed by another this April weighing in at 15 million.

Encrypted assault

Cloudflare added that the latest attack also stood out because it was launched over HTTPS, the encrypted version of the HTTP protocol.

“It costs the attacker more to launch the attack, and for the victim to mitigate it,” it said. “We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”

The botnet took less than half a minute to generate more than 212 million HTTPS requests across 121 countries, the most badly affected being Indonesia, the US, Brazil, and Russia respectively. About 3% of the attacks were launched using nodes belonging to Tor, the anonymity network whose browser ranks highly on privacy but is also commonly used to access the dark web.

Cloudflare added that most of the attacks it had monitored recently were small and of short duration – what it dubbed “cyber vandalism” – but still capable of doing serious damage to targets.

“Even small attacks can severely impact unprotected internet properties,” it said. “On the other hand, large attacks are growing in size and frequency – but remain short and rapid. Attackers concentrate their botnet’s power to try and wreak havoc with a single quick knockout blow [while] trying to avoid detection.”

“Even if the attack was quick, the network and application failure events can extend long after the attack is over – costing you revenue and reputation,” it added, urging businesses and individuals to adopt an automated protection service that “does not rely on humans to detect and mitigate attacks.”