
posted by janrinok on Tuesday May 03 2022, @02:23PM

Cloudflare just mitigated one of the most powerful DDoS attacks ever:

Earlier this week, Cloudflare engineers identified one of the largest distributed denial-of-service (DDOS) attacks ever attempted. The attack, made against an unidentified cryptocurrency platform, was identified and mitigated in under 20 seconds. The individuals behind the act flooded the network with more than 15 million requests.

In addition to the attack's size, the use of HTTPS rather than typical HTTP requests further complicated the issue—the secure protocol results in more resource overhead due to the compute-intensive nature of the secure HTTPS request. According to Cloudflare, the botnet responsible for carrying out the attack represented 6,000 bots from 112 countries around the world.

The attack is believed to have leveraged servers from hosting providers running vulnerable Java-based applications. Those servers were likely unpatched or not updated and susceptible to CVE-2022-21449, Psychic Signatures in Java. The vulnerability allows attackers to use the elliptic curve digital signature algorithm (ECDSA) to forge SSL certificates and other authentication-based information in order to obtain unwanted access.

The sharp spike in Cloudflare's traffic analytics shows just how quickly the attack was able to ramp up. At 22:21:15 the platform recorded between 500,000 and 1 million requests. Within five seconds, that number grew to almost 3 million requests. At this point the attack's intensity escalated, generating approximately 15.3 million requests within the next five seconds. Several seconds later, Cloudflare was able to mitigate the attack, bringing traffic patterns back to expected levels.

I am no fan of Cloudflare, but they seem to have done what they said they could do in this particular case.
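The excerpt above gives a second-by-second picture of how fast the flood ramped up and how quickly it was flagged. The block below is an added illustration, not Cloudflare's code or anything from the linked article: a small rate-based spike detector of the kind a defender would run over per-second request counts. The sample counts are constructed to mimic the shape described in the story (a baseline, a jump to roughly 750,000 rps, about 3 million rps five seconds later, about 15.3 million rps five seconds after that, then a return to normal once mitigation kicks in); the thresholds and the EWMA smoothing factor are assumptions chosen for the illustration.

```python
"""Rate-based request spike detector (added example; not Cloudflare's code).

Keeps an exponentially weighted moving average (EWMA) of the normal per-second
request rate and raises an alert when a second's count exceeds both an
absolute floor and a multiple of that baseline.  Flagged seconds are NOT fed
back into the baseline, so a sustained flood cannot teach the detector that
the flood is "normal" and silence itself.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Alert:
    second: int      # offset, in seconds, from the first sample
    rate: int        # requests observed in that second
    baseline: float  # EWMA baseline at the moment of the alert
    ratio: float     # rate / baseline


# Constructed per-second request counts (assumed values, shaped like the
# timeline in the story): 20 s of quiet traffic, a 10 s ramp-up to a peak of
# 15.3 M rps, then a return to normal once the traffic is mitigated.
QUIET = [2_000 + (i * 37) % 500 for i in range(20)]
RAMP_UP = [750_000, 1_200_000, 1_800_000, 2_400_000, 2_900_000,
           6_000_000, 9_500_000, 12_000_000, 14_000_000, 15_300_000]
MITIGATED = [3_000, 2_500, 2_200, 2_100, 2_000]
SAMPLES = QUIET + RAMP_UP + MITIGATED


def detect_spikes(samples: List[int], alpha: float = 0.1,
                  ratio_threshold: float = 5.0,
                  abs_threshold: int = 200_000) -> List[Alert]:
    """Return one Alert per second whose count is >= abs_threshold and
    >= ratio_threshold * baseline.  alpha is the EWMA smoothing factor
    (assumed value); higher alpha tracks recent traffic more closely."""
    baseline: Optional[float] = None
    alerts: List[Alert] = []
    for second, rate in enumerate(samples):
        if baseline is None:
            baseline = float(rate)       # seed the baseline with the first sample
            continue
        if rate >= abs_threshold and rate >= ratio_threshold * baseline:
            alerts.append(Alert(second, rate, baseline, rate / baseline))
            continue                     # do not let attack traffic shift the baseline
        baseline = alpha * rate + (1.0 - alpha) * baseline
    return alerts


def time_to_detect(samples: List[int], **kwargs) -> Optional[int]:
    """Second at which the first alert fires, or None if nothing was flagged."""
    alerts = detect_spikes(samples, **kwargs)
    return alerts[0].second if alerts else None


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    """Condense a run of alerts into the figures an analyst reports:
    when the flood started, how long it was visible, and its peak rate."""
    if not alerts:
        return {"first_second": -1, "duration_s": 0, "peak_rate": 0}
    return {
        "first_second": alerts[0].second,
        "duration_s": alerts[-1].second - alerts[0].second + 1,
        "peak_rate": max(a.rate for a in alerts),
    }


if __name__ == "__main__":
    found = detect_spikes(SAMPLES)
    for a in found:
        print(f"t={a.second:>3}s rate={a.rate:>12,} baseline={a.baseline:>9,.0f} x{a.ratio:,.0f}")
    print("first alert at second", time_to_detect(SAMPLES))
    print("summary:", summarize(found))
```

The design choice worth noting is the `continue` on the alert path: a detector that keeps averaging flagged seconds into its baseline would, within a few seconds of a flood this size, raise its idea of "normal" to millions of requests per second and stop alerting, which is exactly the failure an attacker with sustained capacity benefits from. Holding the baseline steady while the spike is in progress is what lets the detector still see the return to normal after mitigation.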



Related Stories

Massive DDoS Attack Delivered By Tiny Botnet

Hackers just launched the largest HTTPS DDoS attack in history:

The largest ​​HTTPS distributed denial-of-service (DDoS) attack in history materialized last week, Cloudflare has confirmed.

As reported by Bleeping Computer, the company revealed that it recorded a 26 million requests per second distributed denial-of-service (DDoS) attack.

It should be stressed that this is an HTTPS-based DDoS attempt as opposed to the more traditional, standard DDoS attacks. In any case, the intended target was a Cloudflare client utilizing the service's Free plan.

[...] Interestingly, ​​whoever was behind the attack managed to concentrate all its firepower with a botnet of 5,067 devices, which is a relatively small number considering the scale of the assault. Every single device was capable of delivering around 5,200 requests per second (rps) at its peak.

[...] Specifically, the botnet that was put to work in the unprecedented 26 million rps DDoS attack managed to deliver over an astronomical 212 million HTTPS requests within a period of just 30 seconds. This was achieved due to requests stemming from more than 1,500 networks located in 121 countries around the globe.

Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets:

The DDoS delivered 26 million HTTPS requests per second, breaking the previous record of 15.3 million requests for that protocol set only seven weeks ago, Cloudflare Product Manager ​​Omer Yoachimik reported. Unlike more common DDoS payloads such as HTTP, SYN, or SYN-ACK packets, malicious HTTPS requests require considerably more computing resources for the attacker to deliver and for the defender or victim to absorb.

[Cloudflare Product Manager ​​Omer] Yoachimik wrote:

The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak. To contrast the size of this botnet, we've been tracking another much larger but less powerful botnet of over 730,000 devices. The latter, larger botnet wasn't able to generate more than one million requests per second, i.e. roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.

[...] The Cloudflare product manager said that his company automatically detected and mitigated the attack against the customer, which was using Cloudflare's free service.

See also:
    Cloudflare Just Mitigated One of the Most Powerful DDoS Attacks Ever
    Microsoft Azure Customer Hit by Largest 3.47 Tbps DDoS Attack
    Microsoft Azure Fends Off Huge DDoS Attack


  • (Score: 2, Insightful) by Anonymous Coward on Tuesday May 03 2022, @03:03PM (2 children)

    by Anonymous Coward on Tuesday May 03 2022, @03:03PM (#1241884)

    An open letter to APK:

    A wall of spam text is easy to ignore. Nobody cares. It is wasted effort - but you be you.

    What is hard is changing hearts and minds with a few well-chosen words which edify and improve the world. Try it sometime.

    • (Score: 1, Interesting) by Anonymous Coward on Tuesday May 03 2022, @06:28PM (1 child)

      by Anonymous Coward on Tuesday May 03 2022, @06:28PM (#1241939)

      Notice they don't spam the right-leaning journals; runaway/apk/big_sock_num doesn't shit on their own content. How many socks do you think they have left?

      • (Score: 4, Informative) by janrinok on Tuesday May 03 2022, @06:58PM

        by janrinok (52) Subscriber Badge on Tuesday May 03 2022, @06:58PM (#1241951) Journal

        They are not sock puppet accounts - simply posting as AC does not make it a sock puppet.

  • (Score: 1, Informative) by Anonymous Coward on Tuesday May 03 2022, @03:45PM (2 children)

    by Anonymous Coward on Tuesday May 03 2022, @03:45PM (#1241898)

    Yeah, their commitment to free speech disappeared, but they're still a valuable resource for most of the Internet, and they seem to be more or less ethical. More so than most big tech companies.

    • (Score: 4, Interesting) by Rosco P. Coltrane on Wednesday May 04 2022, @01:47AM (1 child)

      by Rosco P. Coltrane (4757) on Wednesday May 04 2022, @01:47AM (#1242109)

      CloudFlare basically sits between you and half of the internet. Besides deciding who gets to access what without any sort of oversight, they also surveil a sizeable portion of the traffic on the internet for whatever purpose they see fit. This is NSA-level privacy invasion capabilities.

      CloudFlare is right up there with Google on the list of worst threats to individual freedoms and democracy.

      Their stopping a DDOS doesn't make them any more likable. In fact, I'd say CloudFlare stopping a DDOS on a cryptocurrency network isn't exactly doing a service to humanity. They should have let it run its course.

      • (Score: 1, Insightful) by Anonymous Coward on Wednesday May 04 2022, @11:38AM

        by Anonymous Coward on Wednesday May 04 2022, @11:38AM (#1242165)

        That's fair, but what's the alternative? The other option is everybody gets knocked off the Internet by DDOS attacks. That's why companies hire them. That's also the key difference between them and the NSA. Their traffic is from people who want them to carry that traffic. They're customers, not serfs.

  • (Score: 4, Informative) by driverless on Wednesday May 04 2022, @10:50AM (1 child)

    by driverless (4770) on Wednesday May 04 2022, @10:50AM (#1242161)

    Specifically, why psychic signatures were used, or how? TFA (The Fscking Advertisement) was so busy singing the praises of Cloudflare's DDoS protection that it plumb forgot to describe how the attack worked apart from mentioning that HTTPS was involved.

    • (Score: 0) by Anonymous Coward on Wednesday May 04 2022, @08:59PM

      by Anonymous Coward on Wednesday May 04 2022, @08:59PM (#1242300)

      Looking at the information Cloudflare supplied, this attack originated from a botnet that targets unsecured cloud servers at major data centers. There were around 6,000 clients from fewer than 2,000 autonomous systems. Since they had already seen attacks like this (not that it is particularly sophisticated), their automatic detection system quickly and automatically flagged it. They then did a standard mitigation for the identified traffic, which they probably didn't even need to push upstream.
