Huge DDoS Attack over HTTPS is Discovered and Stopped
The security company Cloudflare has announced that it detected and mitigated a 15.3 million request-per-second (rps) denial of service attack, which the company called “one of the largest HTTPS attacks on record.” Although larger attacks have occurred on the open Internet, mounting a DDoS attack over HTTPS encrypted connections requires significantly more resources, which means that the scope of this attack is quite remarkable. According to Cloudflare, the botnet used for the attack consisted of 6000 unique bots from 1300 different networks in 112 countries.
In recent years, attackers have begun to employ IoT devices in their botnets, leading to a vast increase in the number of available devices. At the same time, the extortion market has become more lucrative. In a typical scenario, attackers will launch a DDoS attack, then force the network owner to pay a ransom to stop the attack. In this case, Cloudflare was able to thwart the attack using a signature-based approach to analyzing the traffic and stopping requests that appeared to be part of the attack.
For more information, see the blog post on the Cloudflare website.