Skip to main content

Hackers just launched the largest HTTPS DDoS attack in history

The largest ​​HTTPS distributed denial-of-service (DDoS) attack in history materialized last week, Cloudflare has confirmed.

Cloudflare, which specializes in DDoS mitigation, announced that it successfully prevented the record-breaking onslaught before it could inflict any real damage.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

As reported by Bleeping Computer, the company revealed that it recorded a 26 million requests per second distributed denial-of-service (DDoS) attack.

Recommended Videos

It should be stressed that this is an HTTPS-based DDoS attempt as opposed to the more traditional, standard DDoS attacks. In any case, the intended target was a Cloudflare client utilizing the service’s Free plan.

Bleeping Computer explains that the perpetrator probably relied on hijacked servers and virtual machines due to the fact that the attack stemmed from Cloud Service Providers.

Interestingly, ​​whoever was behind the attack managed to concentrate all its firepower with a botnet of 5,067 devices, which is a relatively small number considering the scale of the assault. Every single device was capable of delivering around 5,200 requests per second (rps) at its peak.

“To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices,” said Cloudflare product manager Omer Yoachimik. “The latter, larger botnet wasn’t able to generate more than one million requests per second, i.e., roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.

A HTTP DDoS attack that was recorded during August 2021 saw around 17.2 million requests per second being generated. More recently, a mitigated 15.3 million rps attack that occurred in April 2022 saw around 6,000 bots being used in order to infiltrate a Cloudflare client who was running a crypto launchpad.

“HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection,” Yoachimik added. “Therefore, it costs the attacker more to launch the attack, and for the victim to mitigate it. We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale.”

Specifically, the botnet that was put to work in the unprecedented 26 million rps DDoS attack managed to deliver over an astronomical 212 million HTTPS requests within a period of just 30 seconds. This was achieved due to requests stemming from more than 1,500 networks located in 121 countries around the globe.

2022 in particular has seen hackers and threat actors intensify their DDoS attack efforts. Microsoft, for example, halted the largest DDoS attack ever recorded (3.47 terabits per second), while Cloudflare itself stated that this category of cybercrime is aggressively progressing.

Cyber criminal activity in general is on the rise across the board — ransomware gangs have found new ways to evolve their operations, zero-day hacks (described as “one of the most advanced attack methods”) are showing no signs of slowing down, and sensitive information is easily exposed and sold.

Microsoft has even launched an initiative as a response to the increasingly growing threat of cybercrime by offering its in-house security services to businesses.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Google just thwarted the largest HTTPS DDoS attack in history
A depiction of a hacker breaking into a system via the use of code.

Google has confirmed that one of its cloud customers was targeted with the largest HTTPS distributed denial-of-service (DDoS) attack ever reported.

As reported by Bleeping Computer, a Cloud Armor client was on the receiving end of an attack that totaled 46 million requests per second (RPS) at its peak.

Read more
Hacking-as-a-service lets hackers steal your data for just $10
A depiction of a hacker breaking into a system via the use of code.

A new (and cheap) service that offers hackers a straightforward method to set up a base where they manage and perform their cyber crimes has been discovered -- and it’s gaining traction.

As reported by Bleeping Computer, security researchers unearthed a program called Dark Utilities, effectively providing a command and control (C2) center.

Read more
Europe just suffered its worst DDoS attack ever, but we don’t know why
A depiction of a hacker breaking into a system via the use of code.

A record-breaking distributed denial-of-service (DDoS) attack situated within Europe was attempted during July, a new report has confirmed, but the lack of details on the target leaves the motive undetermined.

The largest DDoS attack ever detected in European-based regions was revealed by cybersecurity and cloud service firm Akamai, who said the target was one of its own customers.

Read more