Cloudflare says it blocked a new record strength DDoS attack

DDoS Attack
(Image credit: Shutterstock)

Hackers are once again breaking records with some huge distributed denial of service (DDoS) attacks, withg DDoS mitigation firm Cloudflare claiming it recently blocked an attack that, at its peak, exceeded 71 million requests per second (rps). 

That made the attack the largest reported HTTP DDoS incident ever, surpassing the previous one (a 46 million rps attack from June 2022) by more than a third (35%). 

This specific incident was HTTP/2-based and deployed more than 30,000 IP addresses, Cloudflare further said. It was part of a larger campaign, consisting of “dozens” of hyper-volumetric incidents, most of which peaked at around 50-70 million rps. 

Growing more dangerous

The unnamed attackers targeted various companies, from popular gaming providers to cryptocurrency companies, hosting providers, and cloud computing platforms. What’s more, endpoints belonging to “numerous cloud providers” were used in these attacks, too.

As per Cloudflare, the size, sophistication, and frequency of DDoS attacks have been increasing over the past months, which should be cause for concern. The amount of HTTP DDoS attacks rose by almost four-fifths (79%) year-on-year, while the number of volumetric attacks exceeding 100 Gbps grew by more than two-thirds (67%) quarter-over-quarter. For the same time period, the number of attacks lasting more than three hours rose by 87%, as well.

The researchers are also saying that the attackers are getting more audacious. Ransom DDoS attacks have been steadily increasing throughout the year, they said, peaking in November 2022. Back then, one in every four businesses reported suffering a ransom DDoS attack or threat. 

In a ransom DDoS attack, a threat actor would launch a powerful distributed denial of service attack and demand a payment in cryptocurrency in order to stop the assault. DDoS attacks are also sometimes used as a follow-up attack following a ransomware infection, in order to disrupt both the front-end, and the back-end, of a company.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.