Posted on May 4, 2022 at 6:04 PM
A distributed denial of service (DDoS) attack was recently used to target a cryptocurrency platform. The attack was ranked as one of the largest DDoS attacks in history. According to a report by Cloudflare, the threat actors behind it bombarded the network with 15.3 million requests per second.
DDoS attack on a cryptocurrency platform
DDoS attacks have been on the rise recently. These attacks can be used as a pretext to launch other malicious campaigns within a company’s server, while some threat actors launch these attacks to demand ransom.
DDoS attacks can be measured in multiple ways. The first is the volume of data transferred within the company’s server. The attacks can also be determined by the number of packets or requests sent every second.
The current record for the largest DDoS attack by data volume stands at 3.4 terabits per second; attacks of this kind send large volumes of data that take up the entire bandwidth of the target. The records also stand at 809 million packets per second and 17.2 million requests per second. The recent DDoS incident reported by Cloudflare came in at 15.3 million requests per second, making it one of the largest DDoS attacks in history.
The attack is also considered more powerful because it was launched using HTTPS requests rather than the HTTP requests used in the record-setting attack. HTTPS requests demand higher computational power, which meant that this recent attack could have been overwhelming for the intended platform.
The attack was also considered powerful because of the resources used to deploy the HTTPS request flood. This attack showed that DDoS attackers are becoming more powerful and are changing tactics, which could pose a major threat to targets in the future.
The Cloudflare report added that the botnet responsible for this recent attack comprised around 6000 bots. The botnet deployed payloads of up to 10 million requests per second. The origins of these attacks were traced to 112 countries. However, 15% of the power was linked to Indonesia, Russia, Brazil, India, Colombia and the United States.
The researchers at Cloudflare, Omer Yoachimik and Julien Desgats, added that within the countries where the attack happened, more than 1300 networks were used. They added that the high flow of traffic was caused by the data centres as the threat actors moved away from residential network ISPs to cloud computing ISPs.
“The top networks included the German provider Hetzner Online GmbH (Autonomous System Number 24940), Azteca Comunicaciones Colombia (ASN 262186), OVH in France (ASN 16276), as well as other cloud providers,” the report added.
The attackers exploited vulnerable servers to conduct these attacks. The analysis further indicates that some of the servers compromised to launch the DDoS were running Java applications.
Patrick Donahue, the VP of Product at Cloudflare, said in an email, “In this case, the attacker was using compromised servers on cloud hosting providers, some of which appear to be running Java-based applications. This is notable because of the recent discovery of a vulnerability (CVE-2022-21449) that can be used for authentication bypass in a wide range of Java-based applications.”
Donahue added that the researchers had detected many MikroTik routers being used in the attack. He noted that the data signified that the attackers could be exploiting the same vulnerability as the one exploited by the Meris botnet.
The DDoS attack on the cryptocurrency platform lasted for around 15 seconds. Cloudflare managed to combat the attack using the systems on its network of data centres. These systems detect any significant rise in traffic and step in to identify the origin of the attacks.
Attack on a crypto launchpad
The report from Cloudflare failed to mention the target of this DDoS attack. The report only stated that the attackers had targeted a cryptocurrency launchpad. A launchpad is a platform used by decentralized finance (DeFi) projects to secure funding.
“The attack, lasting less than 15 seconds, targeted a Cloudflare customer on the Professional (Pro) plan operating a crypto launchpad. Crypto launchpads are used to surface Decentralized Finance projects to potential investors. The attack was launched by a botnet that we’ve been observing – we’ve already seen large attacks as high as 10M rps matching the same attack fingerprint,” the report added.
The magnitude of this recent DDoS attack sheds light on how attackers are evolving and on the race among targets to beef up their security measures. However, a new record high could be set soon as attackers evolve more rapidly.