- Jul 27, 2015
A cryptocurrency platform was recently on the receiving end of one of the biggest distributed denial-of-service attacks ever after threat actors bombarded it with 15.3 million requests, content delivery network Cloudflare said.
DDoS attacks can be measured in several ways, including by the volume of data, the number of packets, or the number of requests sent each second. The current records are 3.4 terabits per second for volumetric DDoSes—which attempt to consume all bandwidth available to the target—809 million packets per second, and 17.2 million requests per second. The latter two records measure the power of application-layer attacks, which attempt to exhaust the computing resources of a target’s infrastructure. Cloudflare's recent DDoS mitigation peaked at 15.3 million requests per second. While still smaller than the record, its power was more considerable because the attack was delivered through HTTPS requests rather than HTTP requests used in the record. Because HTTPS requests are much more compute-intensive than HTTP requests, the latest attack had the potential to put much more strain on the target.
The resources required to deliver the HTTPS request flood were also greater, indicating that DDoSers are growing increasingly more powerful. Cloudflare said that the botnet responsible, comprising about 6,000 bots, has delivered payloads as high as 10 million requests per second. The attack originated from 112 countries, with about 15 percent of the firepower from Indonesia, followed by Russia, Brazil, India, Colombia, and the United States.