Imperva broke a new record when the company’s mitigation solution was able to defend one of its customers against a single attack that sent more than 25.3 billion requests.
While attacks with peaks of more than one million requests per second (RPS) last between several seconds and a few minutes, the Imperva mitigated attack lasted over four hours. The DDoS attack developed on June 27, 2022, peaking at 3.9 million requests per second (RPS) and averaging 1.8 million RPS.
Imperva’s mitigated DDoS attack was launched from a massive botnet spanning 180 countries, with most IP addresses located in the U.S., Brazil, and Indonesia. The botnet used 170,000 hijacked devices, including modem routers, smart surveillance cameras, vulnerable servers, and poorly protected IoTs.
According to Imperva, some of the servers from which the malicious traffic originated are hosted on public clouds and cloud security providers, indicating widespread abuse.
Research shows that the yet to be identified botnet is not a “Mantis,” the botnet behind Cloudflare’s DDoS mitigation record in the summer.
Since Mantis relies on a smaller number of devices, the number of devices used against Imperva’s client is closer to the Mēris estimates. Mēris is responsible for the previous DDoS record of 21.8 million RPS, and researchers estimate that the Mēris swarm includes between 30,000 and 250,000 devices.
The sources for this piece include an article in BleepingComputer.