Pierluigi Paganini
September 21, 2022
Cybersecurity firm Imperva mitigated a DDoS attack with over 25.3 billion requests on June 27, 2022. According to the experts, the attack marks a new record for Imperva’s application DDoS mitigation solution.
The attack targeted an unnamed Chinese telecommunications company and outstands for its duration, it lasted more than four hours and peaked at 3.9 million RPS.
“On June 27, 2022, Imperva mitigated a single attack with over 25.3 billion requests, setting a new record for Imperva’s application DDoS mitigation solution” reads the announcement. “While attacks with over one million requests per second (RPS) aren’t new, we’ve previously only seen them last for several seconds to a few minutes. On June 27, Imperva successfully mitigated a strong attack that lasted more than four hours and peaked at 3.9 million RPS.”
The Chinese telecommunications company was already targeted by large attacks in the past, and experts added that two days later a new DDoS attack hit its website, although the attack was shorter in duration.
The average rate for this record-breaking attack was 1.8 million RPS. Threat actors used HTTP/2 multiplexing, or combining multiple packets into one, to send multiple requests at once over individual connections.
The technique employed by the attackers is difficult to detect and can bring down targets using a limited number of resources.
“Since our automated mitigation solution is guaranteed to block DDoS in under three seconds, we estimate that the attack could have reached a much greater rate than our tracked peak of 3.9 million RPS.” continues Imperva.
This specific attack was launched botnet composed of almost 170,000 different IPs, including routers, security cameras and compromised servers. The compromised devices are located in over 180 countries, most of them in the US, Indonesia, and Brazil.
On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack ever that hit one of its European customers. The malicious traffic peaked at 704.8 Mpps and appears to originate from the same threat actor behind the previous record that Akamai blocked in July and that hit the same customer.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, DDoS)
[adrotate banner=”5″]
[adrotate banner=”13″]
