Aug 23, 2021 19:00:00

Cloudflare detects 17.2 million requests per second DDoS attacks, attacks from more than 20,000 bots in 125 countries around the world

In early summer 2021, we found that

Cloudflare was being hit by a DDos attack with 17.2 million requests per second. According to Cloudflare, this was three times as large as any attack it had received in the past, and 68% of the legitimate HTTP traffic of the same period.

Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported

According to Cloudflare, the attack was automatically detected and mitigated by an autonomous edge DDoS protection system. Cloudflare processed an average of over 25 million legitimate HTTP requests per second in the second quarter of 2021, accounting for 68% of the 17.2 million requests per second in this attack.

The attack was carried out by the Mirai botnet known for the unprecedented DDoS attack of 1 Tbps (1 terabit per second) in 2016, and the target was a customer in the financial industry using Cloudflare. Attack traffic originated from more than 20,000 bots in 125 countries around the world.

In addition, it is said that the number of 17.2 million requests per second was the largest DDoS attack ever for Cloudflare, but in fact it seems that 8 million requests per second were attacked several weeks ago. The peak bit rate of the attack is about 1.2 Tbps, which exceeds the 1 Tbps launched by the Mirai botnet in 2016. The attack targeted hosting providers and game companies based in the Asia-Pacific region.

According to Cloudflare, L3 / L4 (3rd / 4th layer) DDoS attacks by Mirai botnets are expected to increase by 71% by the end of August 2021, L7 (7th layer) DDoS attacks by Mirai and other botnets. Is projected to increase by 185% by the end of August 2021, stating 'the need for automated, always-on protection.'