Cloudflare recently detected and mitigated what they claim is the largest distributed denial of service (DDoS) attack in the world.
The attack, according to Cloudflare, was at its peak, reaching 26 million requests per second. The request comes from the cloud service provider, not from the home internet provider like a typical DDoS attack.
This raises the assumption that the attackers used virtual machines in the attack, which turned out to be bigger than attacks using botnets from Internet of Things (IoT) devices, as quoted by Techspot, Saturday (18/6/2022).
In the attack, which lasted less than 30 seconds, there were HTTPS requests originating from more than 1,500 networks spread across 121 countries. The attack was aimed at one Cloudflare customer who was using the free plan from the DDoS mitigation service provider.
Interestingly, the attack that is claimed to be the largest only comes from a relatively small botnet, only 5,067 devices. But according to Cloudflare, each of those devices made about 5,200 requests per second at their peak.
In comparison, Cloudflare is detecting a botnet containing 730,000 devices, but it can't generate more than a million requests every second. This means that the smaller botnet is 4,000 times more powerful than the larger botnet.
Even worse, the request uses the HTTPS protocol, which requires more computing power than requests with the HTTP protocol, which means that the perpetrator incurs more money to carry out the attack. Likewise with victims, who need to spend more money to mitigate attacks with these protocols.
The largest DDoS attack -- recorded by Cloudflare -- previously occurred in August 2021, where there was an attack with 17.2 million requests per second. Then in April 2021, there was a 20-second attack that generated 15 million requests every second.