Cloudflare Experiences Largest DDoS Attack Ever Recorded

Just last month, there was a DDoS-over-HTTPS attack on an unnamed crypto launchpad company. According to Digital Trends, the attack reached an outstanding 15.3 million requests-per-second (rps).

Who Is CloudFlare?

Cloudflare, Inc. is an American content delivery network and DDoS mitigation company founded in 2010. Cloudflare acts as a reverse proxy between a website’s visitor and their hosting provider. They are designed to make everything you connect to the Internet secure, private, fast, and reliable. Cloudflare said in their interviews that this DDoS was the largest one they have ever seen, despite it only lasting fifteen seconds.

How Do DDoS Attacks Work?

A distributed denial of service (DDoS) is defined as an attack that is a malicious attempt in making an online service unavailable to users, usually by temporarily interrupting or suspending the services of its hosting server. These attacks are meant to paralyze the target service or make the target disappear from the Internet. HTTPS-targeting DDoS attacks, like this recent one, are mainly launched against TCP, SSL/TLS, and HTTP. To put it simply, Cloudflare refers to a DDoS attack like an unexpected traffic jam clogging up the highway, preventing usual traffic from arriving at its destination.

DDoS attacks can be measured in many ways, including by the volume of data, the number of packets, or the number of requests sent every second. Although this recent attack was significant, the biggest DDoS attack to date took place in September of 2017. The attack targeted Google services and reached a size of 2.54 Tbps.

Cloudflare’s recent DDoS mitigation peaked at about 15.3 million requests every second. While still smaller than the record, its power was said to be more substantial because the attack was delivered by HTTPS requests rather than HTTP requests like the other one. HTTPS requests are more compute-intensive than HTTP requests, so the latest attack had the potential to put much more strain on the target.

How Did Cloudflare Mitigate the Attack?

Cloudflare mitigated this large attack using systems in its network of data centers. These specialized systems automatically detect traffic spikes and quickly filter out the sources. Cloudflare did not identify the target company except that it operated a crypto launchpad and was a platform used to help fund decentralized finance projects.

Cloudflare’s researchers also said this attack must have been a well-funded operation. They noted that HTTPS DDoS attacks require the use of a transport layer security (TLS) encrypted connection. Transport Layer Security encrypts data gone over the Internet to ensure that eavesdroppers and hackers are unable to see what is being transmitted.

Are Crypto-Platforms Being Targeted?

Cryptocurrency platforms and sites have been a huge target for hackers and DDoS attacks. With the surge in interest in crypto and the resulting increase in traffic, the door has been opened for multiple attempts to disrupt cryptocurrency resources and deny them access. Even in the best of circumstances, many of the websites and applications related to bitcoin and other cryptocurrencies do not have the resources to deal with these attacks and surges in Internet traffic.