Massive HTTP DDoS Attack Hits Record High of 71 Million Requests/Second

Web infrastructure company Cloudflare on Monday disclosed that it thwarted a record-breaking distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS).

“The majority of attacks peaked in the ballpark of 50-70 million requests per second (RPS) with the largest exceeding 71 million,” the company said, calling it a “hyper-volumetric” DDoS attack.

It’s also the largest HTTP DDoS attack reported to date, more than 35% higher than the previous 46 million RPS DDoS attack that Google Cloud mitigated in June 2022.

Cloudflare said the attacks singled out websites secured by its platform and they emanated from a botnet comprising more than 30,000 IP addresses that belonged to “numerous” cloud providers.

Targeted websites included a popular gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms.

HTTP attacks of this kind are designed to send a tsunami of HTTP requests toward a target website, typically an order of magnitude higher than what the website can handle, with the goal of rendering it inaccessible.

“Given a sufficiently high amount of requests, the website’s server will not be able to process all of the attack requests along with the legitimate user requests,” Cloudflare said.

“Users will experience this as website-load delays, timeouts, and eventually not being able to connect to their desired websites at all.”

The development comes as the size, sophistication, and frequency of DDoS attacks are on the rise, with the company recording a 79% spike in HTTP DDoS attacks year-over-year in the final quarter of 2022.

What’s more, the number of volumetric attacks lasting more than three hours surged by 87% when compared to the previous three-month period.

Some of the major attacked industry verticals during the time period include aviation, education, gaming, hospitality, and telecom. Georgia, Belize, and San Marino emerged as some of the top countries targeted by HTTP DDoS attacks in Q4 2022.

Network-layer DDoS attacks, on the other hand, singled out China, Lithuania, Finland, Singapore, Taiwan, Belgium, Costa Rica, the U.A.E., South Korea, and Turkey.

The Hacker News
