The Hacker News
reports that a 15.3 million request-per-second volumetric distributed denial-of-service attack
, one of the largest HTTPS DDoS attacks ever, has been stopped by Cloudflare.
Cloudflare researchers noted that an unnamed crypto launchpad operator was targeted by the major volumetric DDoS attack, which spanned for less than 15 seconds.
"HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. Therefore it costs the attacker more to launch the attack, and for the victim to mitigate it," said researchers Omer Yoachimik and Julien Desgats.
Nearly 6,000 unique compromised devices have been leveraged in the botnet used to launched the attack, with Indonesia being the leading source of attack traffic.
"What's interesting is that the attack mostly came from data centers. We're seeing a big move from residential network Internet Service Providers (ISPs) to cloud compute ISPs," researchers added.