{"id":18906,"date":"2022-04-30T10:45:16","date_gmt":"2022-04-30T18:45:16","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/04\/30\/news-12639\/"},"modified":"2022-04-30T10:45:16","modified_gmt":"2022-04-30T18:45:16","slug":"news-12639","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/30\/news-12639\/","title":{"rendered":"One of the Most Powerful DDoS Attacks Ever Hits a Crypto Platform"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/626c1e5a9dd12de412826781\/master\/pass\/DDoS-Cryptocurrency-Platform-Security-163816698.jpg\"\/><\/p>\n<p><strong>Credit to Author: Dan Goodin, Ars Technica| Date: Sat, 30 Apr 2022 13:00:00 +0000<\/strong><\/p>\n<p class=\"BylineWrapper-iiTsTb hAGfXd byline bylines__byline\" data-testid=\"BylineWrapper\" itemprop=\"author\" itemtype=\"http:\/\/schema.org\/Person\"><span itemprop=\"name\" class=\"BylineNamesWrapper-dbkCxf erRIa-D\"><span data-testid=\"BylineName\" class=\"BylineName-cKXFOb UCAzg byline__name\"><a class=\"BaseWrap-sc-TURhJ BaseText-fFzBQt BaseLink-gZQqBA BylineLink-eZnyPI eTiIvU mEZDb fNdcwQ bKZMMS byline__name-link button\" href=\"\/author\/dan-goodin-ars-technica\">Dan Goodin, Ars Technica<\/a><\/span><\/span><\/p>\n<p><span class=\"lead-in-text-callout\">A cryptocurrency platform<\/span> was recently on the receiving end of one of the biggest distributed denial of service attacks ever recorded, after threat actors bombarded it with 15.3 million requests, the content-delivery network <a href=\"https:\/\/www.wired.com\/tag\/cloudflare\/\">Cloudflare<\/a> said.<\/p>\n<p class=\"paywall\">This story originally appeared on <a 
data-offer-url=\"https:\/\/arstechnica.com\/information-technology\/2022\/04\/one-of-the-most-powerful-ddoses-ever-targets-cryptocurrency-platform\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/arstechnica.com\/information-technology\/2022\/04\/one-of-the-most-powerful-ddoses-ever-targets-cryptocurrency-platform\/&quot;}\" href=\"https:\/\/arstechnica.com\/information-technology\/2022\/04\/one-of-the-most-powerful-ddoses-ever-targets-cryptocurrency-platform\/\" rel=\"nofollow noopener\" target=\"_blank\">Ars Technica<\/a>, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED&#x27;s parent company, Cond\u00e9 Nast.<\/p>\n<p class=\"paywall\"><a href=\"https:\/\/www.wired.com\/tag\/ddos\/\">DDoS attacks<\/a> can be measured in several ways, including by the volume of data, the number of packets, or the number of requests sent each second. The current records are <a data-offer-url=\"https:\/\/arstechnica.com\/information-technology\/2022\/01\/microsoft-fends-off-record-breaking-3-47-tbps-ddos-attack\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/arstechnica.com\/information-technology\/2022\/01\/microsoft-fends-off-record-breaking-3-47-tbps-ddos-attack\/&quot;}\" href=\"https:\/\/arstechnica.com\/information-technology\/2022\/01\/microsoft-fends-off-record-breaking-3-47-tbps-ddos-attack\/\" rel=\"nofollow noopener\" target=\"_blank\">3.4 terabits per second<\/a> for volumetric DDoS&#x27;s\u2014which attempt to consume all bandwidth available to the target\u2014and <a data-offer-url=\"https:\/\/blogs.akamai.com\/2020\/06\/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html\" class=\"external-link\" 
data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/blogs.akamai.com\/2020\/06\/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html&quot;}\" href=\"https:\/\/blogs.akamai.com\/2020\/06\/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html\" rel=\"nofollow noopener\" target=\"_blank\">809 million packets per second<\/a>, and <a data-offer-url=\"https:\/\/blog.cloudflare.com\/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/blog.cloudflare.com\/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported\/&quot;}\" href=\"https:\/\/blog.cloudflare.com\/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported\/\" rel=\"nofollow noopener\" target=\"_blank\">17.2 million requests per second<\/a>. The latter two records measure the power of application-layer attacks, which attempt to exhaust the computing resources of a target\u2019s infrastructure.<\/p>\n<p class=\"paywall\">Cloudflare&#x27;s recent DDoS mitigation peaked at 15.3 million requests per second. While short of the record, the attack may have been more powerful, because it was delivered through HTTPS requests rather than the HTTP requests used in the record. Because HTTPS requests are much more compute-intensive, this new attack had the potential to put much more strain on the target.<\/p>\n<p class=\"paywall\">The resources required to deliver the HTTPS request flood were also greater, indicating that DDoSers are growing increasingly powerful. Cloudflare said that the <a href=\"https:\/\/www.wired.com\/tag\/botnets\/\">botnet<\/a> responsible, comprising about 6,000 bots, has delivered payloads as high as 10 million requests per second. 
The attack originated from 112 countries, with about 15 percent of the firepower from Indonesia, followed by Russia, Brazil, India, Colombia, and the United States.<\/p>\n<p class=\"paywall\">\u201cWithin those countries, the attack originated from over 1,300 different networks,\u201d Cloudflare researchers Omer Yoachimik and Julien Desgats <a data-offer-url=\"https:\/\/blog.cloudflare.com\/15m-rps-ddos-attack\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/blog.cloudflare.com\/15m-rps-ddos-attack\/&quot;}\" href=\"https:\/\/blog.cloudflare.com\/15m-rps-ddos-attack\/\" rel=\"nofollow noopener\" target=\"_blank\">wrote<\/a>. They said that the flood of traffic mainly came from data centers, as DDoSers move away from residential network ISPs to cloud computing ISPs. Top data center networks involved included the German provider Hetzner Online (Autonomous System Number 24940), Azteca Comunicaciones Colombia (ASN 262186), and OVH in France (ASN 16276). Other sources included home and small office routers.<\/p>\n<p class=\"paywall\">\u201cIn this case, the attacker was using compromised servers on cloud hosting providers, some of which appear to be running Java-based applications. This is notable because of the recent discovery of a vulnerability (<a data-offer-url=\"https:\/\/neilmadden.blog\/2022\/04\/19\/psychic-signatures-in-java\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/neilmadden.blog\/2022\/04\/19\/psychic-signatures-in-java\/&quot;}\" href=\"https:\/\/neilmadden.blog\/2022\/04\/19\/psychic-signatures-in-java\/\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2022-21449<\/a>) that can be used for authentication bypass in a wide range of Java-based applications,\u201d Patrick Donahue, Cloudflare&#x27;s VP of product, wrote in an email. 
\u201cWe also saw a significant number of MikroTik routers used in the attack, likely exploiting the same vulnerability that <a data-offer-url=\"https:\/\/blog.cloudflare.com\/meris-botnet\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/blog.cloudflare.com\/meris-botnet\/&quot;}\" href=\"https:\/\/blog.cloudflare.com\/meris-botnet\/\" rel=\"nofollow noopener\" target=\"_blank\">the Meris botnet did<\/a>.\u201d<\/p>\n<p class=\"paywall\">The attack lasted about 15 seconds. Cloudflare mitigated it using systems in its network of data centers that automatically detect traffic spikes and quickly filter out the sources. Cloudflare didn\u2019t identify the target except to say that it operated a crypto launchpad, a platform used to help fund decentralized finance projects.<\/p>\n<p class=\"paywall\">The numbers underscore the arms race between attackers and defenders as each attempts to outdo the other. It won\u2019t be surprising if a new record is set in the coming months.<\/p>\n<p><a href=\"https:\/\/www.wired.com\/story\/ddos-attack-botnet-crypto-platform\" target=\"bwo\" >https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img 
decoding=\"async\" src=\"https:\/\/media.wired.com\/photos\/626c1e5a9dd12de412826781\/master\/pass\/DDoS-Cryptocurrency-Platform-Security-163816698.jpg\"\/><\/p>\n<p><strong>Credit to Author: Dan Goodin, Ars Technica| Date: Sat, 30 Apr 2022 13:00:00 +0000<\/strong><\/p>\n<p>The onslaught was delivered through HTTPS, which puts more strain on a target, and it suggests that attackers are getting more powerful.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714,21358],"class_list":["post-18906","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security","tag-security-cyberattacks-and-hacks"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18906"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18906\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18906"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}