Cloudflare thwarts largest reported HTTP DDoS attack

A new record has been set for the largest reported HTTP DDoS attack, exceeding the previous record of 46 million requests per second (rps) in June 2022.

Cloudflare stated that it had managed to mitigate multiple “hyper-volumetric” DDoS attacks that originated from more than 30,000 IP addresses.

According to a recent blog post by Cloudflare, a vendor specializing in DDoS attack mitigation, its customers were targeted by a series of volumetric DDoS (Distributed Denial of Service) attacks over the past weekend.

CloudFlare, Cyber Attack, DDOS, IoT, security

These DDoS attacks were intended to overwhelm their websites with a high volume of HTTP requests, but what’s worse, Cloudflare revealed that this was the largest reported HTTP DDoS attack on record.

Cloudflare further stated that it had to mitigate multiple “hyper-volumetric” DDoS attacks that originated from more than 30,000 IP addresses. This is part of a growing trend in DDoS attacks, which not only continue to increase in size but also originate from IP addresses within cloud-computing ecosystems.

“The majority of attacks peaked in the ballpark of 50–70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previously reported record of 46 million rps in June 2022,” Cloudflare wrote in its blog post published Monday 13th, February 2023.

“Some of the attacked websites included a popular gaming provider, cryptocurrency companies, hosting providers and cloud computing platforms. The attacks originated from numerous cloud providers, and we have been working with them to crack down on the botnet.”

Cloudflare has also warned about the rising number of HTTP DDoS attacks. According to the company, such attacks increased by 79% year-over-year in Q4 of 2022.

While volumetric attacks are not as common as application-layer and protocol attacks, the firm warned that they still pose a significant threat to websites and networks.

With DDoS-for-hire services becoming increasingly available, it is easier than ever for threat actors to launch such attacks. Cloudflare noted that the larger and longer the attack, the more the threat actor is likely to charge.

Therefore, it is essential for organizations to take measures to protect themselves from these types of attacks, including implementing DDoS mitigation services and monitoring their networks for unusual traffic patterns.

Difference between a DDoS attack and a volumetric DDoS attack

A DDoS attack, as we know it, is a type of cyber attack in which multiple compromised Internet of Things (IoT) devices including security cameras, websites, computers, etc. are used to flood a targeted system or network with traffic, overwhelming its capacity and causing it to become inaccessible to legitimate users.

On the other hand, a volumetric DDoS attack is a specific type of DDoS attack that focuses on overwhelming the target system or network with a vast amount of malicious internet traffic. This can include floods of packets, requests, or data that exceed the capacity of the target to handle, effectively clogging or blocking its network connections and rendering it inaccessible.

Simply put: all volumetric DDoS attacks are DDoS attacks, but not all DDoS attacks are volumetric. Volumetric attacks are characterized by their extreme scale and are often difficult to mitigate, as they necessitate significant network capacity to handle the incoming traffic.

Other types of DDoS attacks may focus on specific vulnerabilities or weaknesses in the target’s infrastructure, such as application-level attacks or DNS amplification attacks.

  1. The Threat of Growing Ransom DDoS Attacks
  2. Akamai Mitigated Record-Breaking DDoS Attack
  3. Imperva mitigated massive ransom DDoS attacks
  4. Google Fends Off Largest Ever Layer 7 DDoS Attack
  5. Cloudflare Thwarts Largest Ever HTTPS DDoS Attack

Related Posts