16 June 2022

JUNK TRAFFIC TSUNAMI

The Cloudflare product manager said that his company automatically detected and mitigated the attack against the customer, which was using Cloudflare's free service. In some cases, DDoSers combine their use of cloud-based devices with other techniques to make their attacks more potent. In the 15.3 million-HTTPS-requests-per-second DDoS from earlier this year, for example, Cloudflare uncovered evidence that the threat actors may have exploited a critical vulnerability. This exploit allowed them to bypass authentication in a wide range of Java-based applications used inside the cloud environments running their attack devices.

Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets

The DDoS arms race shows no signs of slowing down.


"A massive flood of malicious traffic that recently set a new distributed denial-of-service record came from an unlikely source. A botnet of just 5,000 devices was responsible, as extortionists and vandals continue to develop ever more powerful attacks to knock sites offline, security researchers said.

The DDoS delivered 26 million HTTPS requests per second, breaking the previous record of 15.3 million requests for that protocol set only seven weeks ago, Cloudflare Product Manager Omer Yoachimik reported.

Unlike more common DDoS payloads such as HTTP, SYN, or SYN-ACK packets, malicious HTTPS requests require considerably more computing resources for the attacker to deliver and for the defender or victim to absorb.

4,000 times stronger

"We've seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale," Yoachimik wrote.


The burst lasted less than 30 seconds and generated more than 212 million HTTPS requests from more than 1,500 networks in 121 countries, with Indonesia, the United States, Brazil, and Russia topping the list. The top networks used included French-based OVH (Autonomous System Number 16276), the Indonesian Telkomnet (ASN 7713), the US-based iboss (ASN 137922), and the Libyan Ajeel (ASN 37284). About 3 percent of the attack came through Tor nodes.


As was the case with the previous 15.3 million-HTTPS-requests-per-second attack, the new one originated mainly on devices from cloud service providers. The servers and virtual machines available from these providers are considerably more powerful than compromised computers and IoT devices connected to residential ISPs, which are the more common source of DDoSes.

DDoS attacks can be measured in several ways, including by the volume of data, the number of packets, or the number of requests sent each second. The other current records are 3.4 terabits per second for volumetric DDoSes—which attempt to consume all bandwidth available to the target—and 809 million packets per second. The 26 million HTTPS requests per second break the previous 17.2 million-requests-per-second record set in 2020. Not only did that earlier attack deliver fewer packets than the new record, but it also relied on HTTP, which isn't as potent as HTTPS. . . ."

Reference: https://arstechnica.com/information-technology/2022/06/tsunami-of-junk-traffic-that-broke-ddos-records-delivered-by-tiniest-of-botnets/

RELATED FOR FURTHER READING

One of the most powerful DDoSes ever targets cryptocurrency platform

15.3 million requests per second is HUGE, especially when delivered through HTTPS.


A cryptocurrency platform was recently on the receiving end of one of the biggest distributed denial-of-service attacks ever after threat actors bombarded it with 15.3 million requests, content delivery network Cloudflare said.

https://arstechnica.com/information-technology/2022/04/one-of-the-most-powerful-ddoses-ever-targets-cryptocurrency-platform/

 
