What just happened? Earlier this week, Cloudflare engineers identified one of the largest distributed denial of service (DDoS) attacks ever attempted. The attack, aimed at an unnamed cryptocurrency platform, was detected and mitigated in under 20 seconds. The individuals behind it flooded the target with more than 15 million requests.

Beyond its sheer size, the attack's use of HTTPS rather than plain HTTP requests makes it harder to absorb: establishing and serving a secure connection is far more resource-intensive than serving plain HTTP, so every HTTPS request costs more on both the attacking and the defending side. According to Cloudflare, the botnet responsible for the attack consisted of 6,000 bots from 112 countries.

It is believed that the attack used hosting providers' servers running vulnerable Java applications. These servers had probably not been patched or updated and were therefore affected by CVE-2022-21449, the "Psychic Signatures" flaw in Java. The vulnerability lets attackers forge Elliptic Curve Digital Signature Algorithm (ECDSA) signatures, and with them SSL certificates and other signature-based authentication data, in order to gain unauthorized access.
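The core of a sound ECDSA verifier is a range check on the signature components before any arithmetic is done with them, which is the check CVE-2022-21449 concerned. The following is an added example, not code from the article, Cloudflare or Oracle, and the curve, generator, key and message are constructed for illustration only: a textbook toy curve y^2 = x^3 + 2x + 2 over GF(17) with generator (5, 1) of prime order 19, which offers no security at all but is small enough to follow by hand. It assumes Python 3.8 or newer for `pow(x, -1, m)`.

```python
"""Toy ECDSA sign/verify showing the mandatory (r, s) range check.

Added example (not from the article, Cloudflare or Oracle). Curve, keys and
messages are constructed for illustration; the curve provides no security.
"""
import hashlib
from typing import Optional, Tuple

P, A, B = 17, 2, 2            # toy field prime and curve coefficients (constructed)
G = (5, 1)                    # generator point on y^2 = x^3 + 2x + 2 over GF(17)
N = 19                        # prime order of G

Point = Optional[Tuple[int, int]]   # None stands for the point at infinity


def _inv(x: int, m: int) -> int:
    """Modular inverse; raises ValueError when x has no inverse (e.g. x == 0)."""
    return pow(x, -1, m)


def point_add(p1: Point, p2: Point) -> Point:
    """Affine point addition (handles identity, negation and doubling)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # P + (-P), including doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, point: Point) -> Point:
    """Double-and-add scalar multiplication."""
    result: Point = None
    addend = point
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg: bytes) -> int:
    """Map SHA-256(msg) into [0, N-1] (toy reduction; real ECDSA truncates to len(N) bits)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def keygen(d: int) -> Tuple[int, Point]:
    """Private scalar d in [1, N-1] and public point Q = d*G."""
    if not 1 <= d <= N - 1:
        raise ValueError("private key out of range")
    return d, scalar_mult(d, G)


def sign(msg: bytes, d: int) -> Tuple[int, int]:
    """Produce (r, s), retrying the nonce until both components are nonzero as the spec requires."""
    h = hash_to_int(msg)
    # Deterministic nonce only so the toy is reproducible; real code needs RFC 6979 or a CSPRNG.
    k = hash_to_int(d.to_bytes(4, "big") + msg) % (N - 1) + 1
    while True:
        r = scalar_mult(k, G)[0] % N
        s = _inv(k, N) * (h + r * d) % N
        if r != 0 and s != 0:
            return r, s
        k = k % (N - 1) + 1


def signature_in_range(r: int, s: int) -> bool:
    """The check CVE-2022-21449 was about: r and s must both lie in [1, N-1].
    A degenerate all-zero signature is rejected here, before any field arithmetic runs."""
    return 1 <= r <= N - 1 and 1 <= s <= N - 1


def verify(msg: bytes, pub: Point, sig: Tuple[int, int]) -> bool:
    """Standard ECDSA verification with the range check applied first."""
    r, s = sig
    if not signature_in_range(r, s):
        return False
    h = hash_to_int(msg)
    w = _inv(s, N)
    u1 = h * w % N
    u2 = r * w % N
    x_point = point_add(scalar_mult(u1, G), scalar_mult(u2, pub))
    if x_point is None:
        return False
    return x_point[0] % N == r


if __name__ == "__main__":
    priv, pub = keygen(7)                      # constructed private key
    msg = b"constructed sample message"
    sig = sign(msg, priv)
    print("valid signature accepted:", verify(msg, pub, sig))
    print("all-zero signature rejected:", not verify(msg, pub, (0, 0)))
```

The range check sits in its own function so a reviewer can see that it runs unconditionally before the inverse of `s` is computed; a verifier that skips it and whose field arithmetic tolerates a zero inverse ends up comparing a zero x-coordinate against a zero `r`, which is why the check is not optional.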

The spike in Cloudflare's traffic analytics shows how quickly the attack unfolded. At 22:21:15 the platform recorded between 500,000 and 1 million requests. Within five seconds that figure had grown to nearly 3 million. The attack then intensified, and over the next five seconds about 15.3 million requests were generated. A few seconds later Cloudflare had mitigated the attack and the traffic pattern returned to its expected level.
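A burst of that shape is what a simple per-second rate detector is built to catch. The following is an added example, not Cloudflare's analytics or any product code: the per-second series is constructed to mimic the shape described above (a baseline under a million requests per second, a climb to 15.3 million, then recovery) and is not the real data. It keeps a rolling median of recent unflagged seconds as the baseline so the burst cannot drag the baseline up and hide its own tail; the window size and threshold factor are assumed values.

```python
"""Per-second request-rate spike detector over a constructed series.

Added example, not Cloudflare's code. Data is constructed to resemble the
burst described in the article; window and factor are assumed tuning values.
"""
from collections import deque
from datetime import datetime, timedelta
from statistics import median
from typing import Deque, Dict, List, Tuple

Sample = Tuple[str, int]           # ("HH:MM:SS", requests observed in that second)
Alert = Tuple[str, int, float]     # (timestamp, count, ratio of count to baseline)


def build_series() -> List[Sample]:
    """Constructed sample data: 20 quiet seconds, a burst, then recovery."""
    quiet = [780_000, 810_000, 795_000, 820_000, 790_000, 805_000, 815_000, 785_000, 800_000, 810_000,
             790_000, 800_000, 820_000, 795_000, 805_000, 780_000, 810_000, 800_000, 790_000, 815_000]
    burst = [900_000, 1_500_000, 2_200_000, 2_900_000, 3_000_000, 6_000_000, 10_000_000,
             13_000_000, 15_000_000, 15_300_000, 14_000_000, 3_000_000, 900_000, 800_000]
    start = datetime(2022, 1, 1, 22, 20, 55)    # date is arbitrary; only the clock time matters
    return [((start + timedelta(seconds=i)).strftime("%H:%M:%S"), c)
            for i, c in enumerate(quiet + burst)]


def detect_spikes(series: List[Sample], window: int = 10, factor: float = 1.5) -> List[Alert]:
    """Flag every second whose count exceeds factor x the median of the last `window` quiet seconds."""
    recent: Deque[int] = deque(maxlen=window)
    alerts: List[Alert] = []
    for ts, count in series:
        if len(recent) < window:
            recent.append(count)              # warm-up: no verdict until a full window exists
            continue
        baseline = median(recent)
        ratio = count / baseline if baseline else float("inf")
        if ratio > factor:
            alerts.append((ts, count, ratio))  # flagged seconds never feed the baseline
        else:
            recent.append(count)
    return alerts


def summarize(alerts: List[Alert]) -> Dict[str, object]:
    """Condense the alert list into the figures an incident note would quote."""
    if not alerts:
        return {"first": None, "last": None, "peak_time": None, "peak_count": 0, "seconds": 0}
    peak = max(alerts, key=lambda a: a[1])
    return {
        "first": alerts[0][0],
        "last": alerts[-1][0],
        "peak_time": peak[0],
        "peak_count": peak[1],
        "seconds": len(alerts),
    }


if __name__ == "__main__":
    found = detect_spikes(build_series())
    for ts, count, ratio in found:
        print(f"{ts}  {count:>12,}  {ratio:5.1f}x baseline")
    print(summarize(found))
```

Excluding flagged seconds from the baseline is the design choice that matters: with a plain trailing average, ten seconds of multi-million-request traffic would raise the baseline enough that the tail of the burst and the next burst both look normal.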

Nearly 15% of the attack traffic originated in Indonesia, according to Cloudflare. The Russian Federation, Brazil, India, Colombia and the United States each accounted for roughly 5% of the sources. Cloudflare's engineers and security experts concluded that the traffic came from more than 1,300 different networks across all 112 identified countries. They were also surprised to find that, unlike in other attacks, much of this traffic originated from data centers rather than from ISP-based residential networks.

Oracle has since released critical patch update guidance to help users remediate the vulnerability. Administrators of potentially affected systems should review it to minimize the risks associated with their Java deployments.

The scale of the attack, together with the resources and processing power needed to mount an HTTPS-based flood, are clear signs that attackers continue to sharpen their tooling in what looks like a never-ending arms race. Keeping up to date with the latest security updates and advisories can help reduce your chances of falling victim to these and similar attacks in the future.

Image credit: attack pattern and location breakdown by Cloudflare