Cloudflare blocked record-breaking 71 million request-per-second DDoS attack

Cloudflare mitigated a record distributed denial-of-service (DDoS) that reached 71 Million requests per second.

Cloudflare announced it has mitigated a record hyper-volumetric distributed denial-of-service (DDoS) attack that peaked at over 71 million requests per second (RPS).

The company pointed out that this is the largest reported HTTP distributed denial-of-service attack on record, the volume was more than 35% higher than the previously reported record of 46M rps that was mitigated in June 2022 by Google.

The attack was part of a series of record-breaking DDoS attacks blocked by Cloudflare during the weekend.

“This was a weekend of record-breaking DDoS attacks. Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks. The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps.” reads the post published by Cloudflare. “This is the largest reported HTTP DDoS attack on record, more than 35% higher than the previous reported record of 46M rps in June 2022.”

The HTTP/2-based attacks originated from over 30,000 IP addresses and aimed at popular gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms. The experts added that the DDoS attacks originated from numerous cloud providers, Cloudflare is working with them to dismantle the botnet behind the malicious traffic.

Cloudflare states that over the past year, they have observed a growing number of distributed denial-of-service attacks originating from cloud computing providers. For this reason, the company will provide service providers that own their own autonomous systems with a free Botnet threat feed. The feed will provide service providers threat intelligence about their own IP space.

The experts explained that the attacks that were mitigated during the weekend are not related to campaigns launched by the pro-Russia Killnet group that targeted healthcare websites. The company added that the attacks are related to the US Super Bowl.

The experts warn that the size, sophistication, and frequency of distributed denial-of-service attacks has been increasing over the past months.

In the latest DDoS threat report published by Cloudflare, the company estimated that the amount of HTTP DDoS attacks increased by 79% year-over-year. The amount of volumetric attacks exceeding 100 Gbps grew by 67% quarter-over-quarter (QoQ), and the number of attacks lasting more than three hours increased by 87% QoQ.

“The audacity of attackers has been increasing as well. In our latest DDoS threat report, we saw that Ransom DDoS attacks steadily increased throughout the year. They peaked in November 2022 where one out of every four surveyed customers reported being subject to Ransom DDoS attacks or threats.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, distributed denial-of-service)