Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare

Cloudflare over the weekend mitigated a record-setting DDoS attack that peaked at 71 million requests per second.

Web protection company Cloudflare over the weekend mitigated a record-setting distributed denial-of-service (DDoS) attack that peaked at 71 million requests per second (RPS).

The assault, the company says, was the largest HTTP DDoS attack on record, but was not the only one observed this past weekend.

In fact, Cloudflare identified and mitigated dozens of DDoS attacks at the end of last week, most of which peaked between 50-70 million RPS.

The wave of assaults was far higher than previously recorded HTTP DDoS attacks. The largest was 35% higher than a 46 million RPS DDoS attack seen by Google in June 2022.

“The attacks were HTTP/2-based and targeted websites protected by Cloudflare. They originated from over 30,000 IP addresses,” Cloudflare says.

HTTP DDoS attacks consist of large amounts of HTTP requests directed at the targeted website. If the number of requests is high enough, the server is no longer able to process them, and the website becomes unresponsive.

Originating from multiple cloud providers, the DDoS attacks targeted the websites of cryptocurrency firms, cloud computing platforms, a gaming provider, and hosting providers.

According to Cloudflare, the attacks do not appear to be related to the Killnet DDoS campaign that targeted healthcare providers two weeks ago, nor to the US Super Bowl gaming event that took place this weekend.

The company notes that the frequency, size, and sophistication of DDoS attacks has been constantly increasing over the past years. The number of HTTP DDoS attacks observed in 2022 almost doubled compared to 2021.

Last week, the Tor Project revealed that the Tor network had been under constant DDoS pressure for seven months, with some of the attacks preventing users from accessing websites.

Related: Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries

Related: Zerobot IoT Botnet Adds More Exploits, DDoS Capabilities

Related: US Charges Six in Operation Targeting 48 DDoS-for-Hire Websites

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.