The Register reports that a record-breaking HTTPS-based distributed denial-of-service attack peaking at 26 million requests-per-second has been thwarted by Cloudflare, just two months after it mitigated another HTTPS DDoS attack that peaked at 15.3 million rps.
More than 5,000 compromised devices reaching nearly 5,200 rps on average have been discovered in the botnet behind the unprecedented attack, which has been made potent by the utilization of virtual machines and servers.
"Within less than 30 seconds, this botnet generated more than 212 million HTTPS requests from over 1,500 networks in 121 countries," wrote Cloudflare Product Manager Omer Yoachimik, who also noted that most of the requests came from Indonesia, the U.S., Brazil, Russia, and India.
The findings come after a Cloudflare report in April showed a 164% year-over-year increase in application-layer DDoS attacks in the first three months of 2022, as well as a 645% quarter-over-quarter increase in volumetric DDoS attacks.
Novel Go-based information stealer Aurora has been increasingly added by threat actors in their arsenal, with at least seven active cybercrime groups either leveraging the malware exclusively or alongside other info-stealers Raccoon and Redline, BleepingComputer reports.