- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Cloudflare Stops Largest HTTPS DDoS Attack on Record
A DDoS-mitigation vendor said its customers were hit with a wave of volumetric attacks over the weekend designed to flood their websites with HTTP requests, including the largest such attack on record.
Cloudflare explained in a blog post that it was forced to mitigate dozens of the “hyper-volumetric” DDoS attacks, which were launched from over 30,000 IP addresses.
“The majority of attacks peaked in the ballpark of 50–70 million requests per second (rps) with the largest exceeding 71 million rps. This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46 million rps in June 2022,” it explained.
“Some of the attacked websites included a popular gaming provider, cryptocurrency companies, hosting providers and cloud computing platforms. The attacks originated from numerous cloud providers, and we have been working with them to crack down on the botnet.”
The campaign follows a recent trend of DDoS attacks, not only in their increasing size but the fact they originate from IP addresses inside cloud computing ecosystems.
According to CompTIA, volumetric attacks are actually the least common form of DDoS, with far fewer seen than application-layer and protocol attacks.
However, Cloudflare warned that in Q4, HTTP DDoS attacks increased by 79% year-over-year.
“Furthermore, the amount of volumetric attacks exceeding 100 Gbps grew by 67% quarter-over-quarter (QoQ), and the number of attacks lasting more than three hours increased by 87% QoQ,” it added.
“The audacity of attackers has been increasing as well. In our latest DDoS threat report, we saw that ransom DDoS attacks steadily increased throughout the year. They peaked in November 2022 where one out of every four surveyed customers reported being subject to Ransom DDoS attacks or threats.”
DDoS-for-hire services make it relatively easy for threat actors to launch attacks today, and as Cloudflare said, “the more you pay, the larger and longer of an attack you’re going to get.”
Editorial credit icon image: photo_gonzo / Shutterstock.com