One of the most powerful DDoS attacks ever to hit a crypto platform

A cryptocurrency platform recently fell victim to one of the largest distributed denial-of-service attacks ever recorded after attackers bombarded it with 15.3 million requests, content delivery network Cloudflare said.

DDoS attacks can be measured in several ways, including the amount of data, the number of packets, or the number of requests sent every second. The current records are 3.4 terabits per second for volumetric DDoS attacks, which attempt to use all the bandwidth available to the target, and 809 Mpps and 17.2 million requests per second. The last two records measure the power of application-layer attacks, which attempt to deplete the computing resources of the target infrastructure.

The recent DDoS that Cloudflare mitigated peaked at 15.3 million requests per second. Although it fell short of the record, the attack could have been more powerful since it was carried out using HTTPS requests rather than the HTTP requests used in the record-setting attack. Since HTTPS requests are much more computationally intensive, this new attack could place a significantly greater load on the target.

The resources needed to deliver a stream of HTTPS requests were also larger, indicating that DDoS attacks are becoming more powerful. Cloudflare said that the botnet responsible, comprising about 6,000 bots, has delivered payloads of up to 10 million requests per second. The attack was launched from 112 countries, with about 15 percent of the firepower coming from Indonesia, followed by Russia, Brazil, India, Colombia and the United States.

“In these countries, the attack originated from more than 1,300 different networks,” Cloudflare researchers Omer Yoachimik and Julien Desgats wrote. They said the flow of traffic came mostly from data centers, as DDoS activity moves from home network ISPs to cloud computing ISPs. Among the leading data center networks involved were German provider Hetzner Online (AS number 24940), Azteca Comunicaciones Colombia (ASN 262186) and OVH in France (ASN 16276). Other sources included home and small office routers.

“In this case, the attacker used compromised servers of cloud hosting providers, some of which appeared to be running Java-based applications. This is notable due to the recent discovery of a vulnerability (CVE-2022-21449) that can be used to bypass authentication in a wide range of Java-based applications,” Patrick Donahue, Cloudflare’s VP of Product, wrote in an email. “We also saw that a significant number of MikroTik routers were used in the attack, which likely exploited the same vulnerability that the Meris botnet did.”

The attack lasted about 15 seconds. Cloudflare mitigated it using systems in its data center network that automatically detect bursts of traffic and quickly filter out the sources. Cloudflare did not name the target, saying only that it operates a cryptocurrency startup platform used to fund decentralized finance projects.

The numbers highlight the arms race between attackers and defenders as each tries to outdo the other. It would not be surprising if a new record is set in the coming months.

This story originally appeared on Ars Technica.
