Cloudflare has published information about recent attacks it has seen against its system, and these attacks highlight new DDoS trends where hackers are able to bring down more web application servers at a time.
According to a blog post written by Cloudflare’s Marek Majkowski, these new attacks appear to come from the Mirai botnet, which is known to be responsible for attacks against Brian Krebs, an American journalist who ran Akamai Technologies’ site KrebsOnSecurity.
Recently, Cloudflare was hit by a couple of Layer 7 attacks, which crossed 1 million HTTP requests per second. This attack continued for 15 minutes, and Cloudflare counted 52,467 unique IP addresses taking part in it, wrote Majkowski.
(Related: /n software acquires security company EldoS)
The malicious traffic spread across multiple Cloudflare data centers, but Cloudflare was able to review 100 data centers to get a better idea of where the bots were located. Top affected data centers included those in Hong Kong and Prague, and Cloudflare determined that out of the 10,000 random requests it analyzed, IP addresses came from more than 300 autonomous systems (ASes).
“These attacks are a new trend, so it’s not fair to blame the AS operators for not cleaning up devices participating in them,” said Majkowski. “Having said that, the Ukrainian ISP and Vietnamese AS45899 seem to stand out.”
After investigating these attacks, Cloudflare determined that these attacks came from an Internet of Things type of device. Majkowski said that Cloudflare will continue to investigate and collaborate with researchers to find a permanent solution to this rising threat.
“Although the most recent attacks have mostly involved Internet-connected cameras, there’s no reason to think that they are likely the only source of future DDoS attacks,” wrote Majkowski. “As more and more devices (fridges, fitness trackers, sleep monitors) are added to the Internet, they’ll likely be unwilling participants in future attacks.”
