Content-delivery network Cloudflare has released information stating that a cryptocurrency platform was recently the victim of one of the largest distributed denial of service attacks ever recorded. Attackers bombarded it with 15.3 million requests, the content-delivery network said.

DDoS attacks can be measured in several ways, including by measuring the volume of data, the number of packets, and the number of requests sent each second. The current records are 3.4 terabits per second for volumetric DDoS’s – which attempt to consume all bandwidth available to the target – and 809 million packets per second, and 17.2 million requests per second. The latter two records measure the power of application-layer attacks, which attempt to exhaust the computing resources of a target’s infrastructure.

Cloudflare’s recent DDoS mitigation peaked at 15.3 million requests per second. This statistic did not break the current record, however the attack may have ended up being more powerful, as it was delivered through HTTPS requests rather than HTTP requests used in the record. HTTPS requests are much more compute-intensive, so this new attack had the potential to put a much greater strain on the target.

The resources that are required to deliver the requests were also great, indicating that DDoS attackers are growing increasingly powerful. Cloudflare said that the botnet responsible were made up of about 6,000 bots and has delivered payloads as high as 10 million requests per second. The attack originated from 112 countries, with about 15 percent of the attacks coming from Indonesia. Attacks also came from Russia, Brazil, India, Colombia and the United States.

“Within those countries, the attack originated from over 1,300 different networks,” Cloudflare researchers Omer Yoachimik and Julien Desgats wrote. The two said that the majority of the flood traffic came from data centers, as DDoSers move away from residential network ISPs to cloud computing ISPs. Top data center networks involved include German provider Hetzner Online (Autonomous System Number 24920), Azteca Comunicaciones Colombia (ASN 262186), and OVH in France (ASN 16276). Other sources included home and small office routers.

“In this case, the attacker was using compromised servers on cloud hosting providers, some of which appear to be running Java-based applications. This is notable because of the recent discovery of a vulnerability (CVE-2022-21449) that can be used for authentication bypass in a wide range of Java-based applications,” Patrick Donahue, Cloudflare’s VP of product, wrote. “We also saw a significant number of MikroTik routers used in the attack, likely exploiting the same vulnerability that the Meris botnet did.”

The attack lasted for about 15 seconds. Cloudflare mitigated it using systems in their network of data centers that automatically detect traffic spikes and quickly filter out the sources. Cloudflare didn’t identify the target. They did mention that the target operated a crypto launchpad, a platform used to help fund decentralized finance projects.

These numbers underscore the race between attackers and defenders as each attempt to outdo the other. If a new record is set in the coming months, it won’t come as a surprise.

Story via WIRED