Cloudflare says it blocked the largest DDoS attack ever recorded, peaking at 71 million requests per second. It surpasses, by far, the previous record, with the attack suffered by Google last summer.
Cloudflare lived the weekend of all records. A few days ago, the Internet security company, which has a global cloud platform, was particularly shaken up after detecting and mitigating dozens of DDoS attacks (denial of service attacks), the most significant of them exceeding 71 million requests per second. The record was previously attributed to the DDoS attack suffered by Google in August 2022, which had reached 46 million requests per second.
Hyper-volume attacks from 30,000 IP addresses
The attack absorbed by Cloudflare is thus 35% higher than the previous record. These were HTTP/2 attacks, a type of DDoS attack, which originated from over 30,000 IP addresses. Among the websites attacked, we find a game provider well known to the general public, hosting providers, cloud computing platforms and even cryptocurrency companies. Their identity has not filtered.
These DDoS attacks, described as hyper-volumetric, lasted a little less than 5 minutes, peaking around 1 minute after their launch, before they faded away and ended a few tens of seconds later.
In its bulletin, Cloudflare explains that the attacks came from multiple cloud providers, with which the company was able to work to fight against botnets.
Difficult to identify where the attackers are
Regarding the motivations and actors behind the attacks that occurred this weekend before Valentine’s Day, Cloudflare refuses to attribute them to the Super Bowl (which took place on the night of February 12 to 13 for us French) or to the Russia. But what is certain is that exploiting botnets to carry out such attacks requires significant resources.
The attacks blocked by Cloudflare come in a context where DDoS attacks have recently increased. In the last quarter of 2022, their growth was measured at 14% compared to the third quarter. And these attacks are longer and stronger than in the past. Those lasting more than 3 hours have thus increased by 87% compared to the third quarter. Tourism (aviation and aerospace sites account for 35% of HTTP DDoS attacks), events, gaming and the education sector concentrate the majority of attacks.
Distributed denial of service attacks involve flooding a site with as many requests as possible (more than it can handle at least) using a network of bots. They remain particularly effective for any organization, group or state that wishes to block an unprotected machine or website. Their effectiveness is often judged by the disruption they cause, and they can sometimes be very significant, in addition to the fact that their cost is financially low for hackers. If the number of requests is large enough, users making legitimate requests may experience a timeout on entry or an inability to connect.
Source : Cloudflare
7