Cloudflare detected a DDoS attack of 15.3 million HTTPS requests-per-second (rps) — one of the largest HTTPS attacks ever observed.

DDoS attackers use botnets to flood a victim’s server with HTTP or HTTPS requests. In 2021, Cloudflare detected a record attack of 17.2 million HTTP requests per second. Recently, the organization announced a new, groundbreaking incident.

At the beginning of April, attackers targeted an anonymous Cloudflare customer with 15.3 million HTTPS requests per second. The attack stands out because HTTPS requests are more expensive than HTTP requests: attackers require more capacity for encrypted TLS connections.

The attack lasted about 15 seconds. 6,000 bots in 112 countries tried to overwhelm a server. Botnets consist of systems infected with malware. 15 percent of the botnet’s traffic came from Indonesia, followed by Russia, Brazil, India, Colombia and the United States.

From households to data centers

Interestingly, most of the traffic stemmed from data centers. In the past, Cloudflare mainly detected attacks from endpoints in households. Attackers now increasingly use infected systems in data centers. In this case, the attacker was not successful. Cloudflare shields customers from DDoS attacks, regardless of the attack’s size.

Cloudflare approaches DDoS security by sampling all traffic facing a protected server. Traffic is sent to one of Cloudflare’s dozens of data centers worldwide. There, traffic is analyzed and compared to known criminal patterns. If Cloudflare recognizes an attack, suspicious requests are blocked. Normal traffic remains welcome. As a result, servers experience as little downtime as possible.

Attacks are getting bigger

DDoS attacks are getting bigger and bigger. Research by F5 shows that, by the end of 2021, the average DDoS attack was four times as large as at the beginning of 2020. In January of this year, Microsoft detected a record attack of 3.47 Tbps. According to Microsoft, online games and VoIP service providers were hit hardest in 2021. The servers of Blizzard, Square Enix (Final Fantasy), Bandwidth.com and VoIP Unlimited were temporarily taken down.