Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare

Cloudflare over the weekend mitigated a record-setting DDoS attack that peaked at 71 million requests per second.

Web protection company Cloudflare over the weekend mitigated a record-setting distributed denial-of-service (DDoS) attack that peaked at 71 million requests per second (RPS).

The assault, the company says, was the largest HTTP DDoS attack on record, but was not the only one observed this past weekend.

In fact, Cloudflare identified and mitigated dozens of DDoS attacks at the end of last week, most of which peaked between 50-70 million RPS.

The wave of assaults was far higher than previously recorded HTTP DDoS attacks. The largest was 35% higher than a 46 million RPS DDoS attack seen by Google in June 2022.

“The attacks were HTTP/2-based and targeted websites protected by Cloudflare. They originated from over 30,000 IP addresses,” Cloudflare says.

HTTP DDoS attacks consist of large amounts of HTTP requests directed at the targeted website. If the number of requests is high enough, the server is no longer able to process them, and the website becomes unresponsive.

Originating from multiple cloud providers, the DDoS attacks targeted the websites of cryptocurrency firms, cloud computing platforms, a gaming provider, and hosting providers.

According to Cloudflare, the attacks do not appear to be related to the Killnet DDoS campaign that targeted healthcare providers two weeks ago, nor to the US Super Bowl gaming event that took place this weekend.

Advertisement. Scroll to continue reading.

The company notes that the frequency, size, and sophistication of DDoS attacks has been constantly increasing over the past years. The number of HTTP DDoS attacks observed in 2022 almost doubled compared to 2021.

Last week, the Tor Project revealed that the Tor network had been under constant DDoS pressure for seven months, with some of the attacks preventing users from accessing websites.

Related: Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries

Related: Zerobot IoT Botnet Adds More Exploits, DDoS Capabilities

Related: US Charges Six in Operation Targeting 48 DDoS-for-Hire Websites

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.