Cloudflare Stops Largest HTTP DDoS Attack on Record

Written by

A DDoS-mitigation vendor said its customers were hit with a wave of volumetric attacks over the weekend designed to flood their websites with HTTP requests, including the largest such attack on record.

Cloudflare explained in a blog post that it was forced to mitigate dozens of the “hyper-volumetric” DDoS attacks, which were launched from over 30,000 IP addresses.

“The majority of attacks peaked in the ballpark of 50–70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46 million rps in June 2022,” it explained.

“Some of the attacked websites included a popular gaming provider, cryptocurrency companies, hosting providers and cloud computing platforms. The attacks originated from numerous cloud providers, and we have been working with them to crack down on the botnet.”

The campaign follows a recent trend of DDoS attacks, not only in their increasing size but the fact they originate from IP addresses inside cloud computing ecosystems.

According to CompTIA, volumetric attacks are actually the least common form of DDoS, with far fewer seen than application-layer and protocol attacks.

However, Cloudflare warned that in Q4, HTTP DDoS attacks increased by 79% year-over-year.

“Furthermore, the amount of volumetric attacks exceeding 100 Gbps grew by 67% quarter-over-quarter (QoQ), and the number of attacks lasting more than three hours increased by 87% QoQ,” it added.

“The audacity of attackers has been increasing as well. In our latest DDoS threat report, we saw that ransom DDoS attacks steadily increased throughout the year. They peaked in November 2022 where one out of every four surveyed customers reported being subject to Ransom DDoS attacks or threats.”

DDoS-for-hire services make it relatively easy for threat actors to launch attacks today, and as Cloudflare said, “the more you pay, the larger and longer of an attack you’re going to get.”

Editorial credit icon image: photo_gonzo / Shutterstock.com

What’s hot on Infosecurity Magazine?