CDN provider Cloudflare revealed that it recently blocked one of the biggest HTTPS DDoS attacks ever seen.
At 15,3 million requests per second (RPS), the assault is not the largest application-layer attack on record, but it is one of the largest in the HTTPS category.
HTTPS DDoS attacks are typically more expensive and require more computing power because establishing a secure connection encrypted with TLS is more expensive, the company explained.
DeFi projects in the spotlight
The victim was a Cloudflare client that operates a cryptocurrency pitching platform, which pitches decentralized finance (DeFi) projects to potential investors.
The attack itself lasted about 15 seconds and was launched by a known botnet. Of the 6000 unique endpoints used in this attack, the majority were from data centers. The majority (15%) were in Indonesia, with large numbers also from Russia, Brazil, India, Colombia and the United States.
A total of 1.300 different networks were used for the attack. The main networks included the German provider Hetzner Online GmbH, Azteca Comunicaciones Colombia, OVH in France and other cloud providers.
According to recent data from Kaspersky, DDoS attacks have never been more popular, with several records broken in the first quarter of 2022.
The rise in attacks has been fueled by the war in Ukraine, as many "hacktivists" have taken up arms to launch attacks against Russian service providers.
The cyber realm has become a veritable battleground in recent years, with nation states stealing sensitive information and government secrets, spying on elected officials, deploying malware against critical infrastructure, and executing ransomware operations to finance new cyberattacks.