Cloudflare mitigated a 15M requests-per-second DDoS

cloudflare cybersecurity cyber security ddos https

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (

Cloudflare says that it successfully mitigated a huge 15.3 million requests-per-second DDoS attack.

The incident was the largest HTTPS attack that Cloudflare has seen. HTTPS attacks, Cloudflare notes, are “more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection.”

Such attacks cost an attacker more to launch, and more for a victim to mitigate.

The target was a Cloudflare customer operating a crypto launchpad that surfaces decentralised finance projects to potential investors. Cloudflare says the attack used a botnet that it was already observing and lasted less than 15 seconds.

The majority of the attack traffic came from Indonesia, followed by Russia, Brazil, India, Colombia, and the US.

Cloudflare notes how the attack was interesting because it mostly came from data centres and the company is seeing a “big move” from residential network ISPs to cloud compute ISPs.

While this was the largest HTTPS attack that Cloudflare has seen, it’s not the largest overall.

The largest attack Cloudflare has seen was an application-layer DDoS that reached 17.2 million requests-per-second. That record-setting attack was launched in September 2021, how the scale of cyberattacks is rapidly increasing.

“While the majority of attacks are small and short, we continue to see these types of volumetric attacks emerging more often,” Cloudflare said.

“It’s important to note that these volumetric short burst attacks can be especially dangerous for legacy DDoS protection systems or organizations without active, always-on cloud-based protection.”

(Photo by Patrick Hendry on Unsplash)

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *