Cloudflare says it mitigated the largest HTTPS DDoS attack on record

15 Jun 2022

Image: © Thomas/

Cloudflare said the DDoS attack likely used hijacked virtual machines and was unique in the amount of resources it required.

Internet infrastructure company Cloudflare said it was able to detect and mitigate a record-breaking distributed denial-of-service (DDoS) attack, which generated 26m requests a second.

It added that the massive attack was able to generate more than 212m requests from more than 1,500 networks in less than 30 seconds.

The attack targeted an unnamed Cloudflare customer using the company’s free plan.

Cloudflare said the DDoS attack originated mostly from cloud service providers rather than residential internet service providers. This suggests that the threat actor used hijacked virtual machines and powerful servers to generate the attack, instead of “much weaker” IoT devices.

A DDoS attack is an attempt to make an online service unavailable by overwhelming it with high volumes of data from multiple sources. Typically, multiple compromised computer systems are used as sources of attack traffic.

Cloudflare said the record-breaking attack originated from a “small but powerful” botnet of 5,067 devices, with each node generating an average of 5,200 requests per second at their peak.

“To contrast the size of this botnet, we’ve been tracking another much larger but less powerful botnet of over 730,000 devices,” Cloudflare product manager Omer Yoachimik wrote in a blogpost yesterday (14 June).

“The latter, larger botnet wasn’t able to generate more than 1m requests per second. Putting it plainly, this [newly detected] botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.”

Cloudflare said the attack was conducted over HTTPS, which requires more computational power due to the higher cost of establishing a secure TLS encrypted transmission.

This costs the threat actor more to launch the attack, but also costs more to mitigate it. Yoachimik noted that this attack stood out in particular due to the “resources it required at its scale”.

Cloudflare said that large DDoS attacks have been growing in size and frequency, though they remain “short and rapid” as threat actors try to avoid detection.

In March, a report by cybersecurity company Akamai said DDoS attackers are using a new attack vector that provides a record-breaking amplification ratio of nearly 4.3bn to one. A higher amplification ratio makes it easier for attackers to overwhelm systems with fewer packets.

Ongoing cyberthreats

Global cyber threats are on the rise, with an increase in sophisticated, high-impact attacks aimed at critical infrastructure. Organisations in the US have been ramping up cyber defences for several months amid growing concerns around the threat of Russian cyberattacks.

In March, US president Joe Biden warned companies operating in the country to bolster their security efforts, adding that malicious cyber activity is “part of Russia’s playbook”.

The US, along with its allies in the Five Eyes intelligence alliance, expressed concerns in April about the threat of Russian state-sponsored cyberattacks on critical infrastructure systems.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic