Imperva mitigate 25.3 billion request DDoS attack on customer

Share post:

Imperva broke a new record when the company’s mitigation solution was able to defend one of its customers against a single attack that sent more than 25.3 billion requests.

While attacks with peaks of more than one million requests per second (RPS) last between several seconds and a few minutes, the Imperva mitigated attack lasted over four hours. The DDoS attack developed on June 27, 2022, peaking at 3.9 million requests per second (RPS) and averaging 1.8 million RPS.

Imperva’s mitigated DDoS attack was launched from a massive botnet spanning 180 countries, with most IP addresses located in the U.S., Brazil, and Indonesia. The botnet used 170,000 hijacked devices, including modem routers, smart surveillance cameras, vulnerable servers, and poorly protected IoTs.

According to Imperva, some of the servers from which the malicious traffic originated are hosted on public clouds and cloud security providers, indicating widespread abuse.

Research shows that the yet to be identified botnet is not a “Mantis,” the botnet behind Cloudflare’s DDoS mitigation record in the summer.

Since Mantis relies on a smaller number of devices, the number of devices used against Imperva’s client is closer to the Mēris estimates. Mēris is responsible for the previous DDoS record of 21.8 million RPS, and researchers estimate that the Mēris swarm includes between 30,000 and 250,000 devices.

The sources for this piece include an article in BleepingComputer.


Related articles

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Cyber Security Today, June 19, 2024 – How an attacker hid on an IT network for three years

How an attacker hid on an IT network for three years Welcome to Cyber Security Today. It's Wednesday June...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways