Cloudflare, the web infrastructure company, stopped an unprecedented DDoS attack on Monday with a record-breaking peak of over 71 million requests per second. This historic “hyper-volumetric” attack was the largest HTTP DDoS attack on record, surpassing the previous 46 million RPS attack that was mitigated by Google Cloud in June 2022.
These massive attacks targeted websites protected by the Cloudflare platform, coming from a botnet with over 30,000 IP addresses across multiple cloud providers. The targeted websites included popular gaming providers, cryptocurrency companies, hosting providers, and cloud computing platforms.
HTTP attacks like this aim to overload a website with HTTP requests, far beyond its ability to handle, in an attempt to render it inaccessible. When the volume of requests becomes too high, the website’s server is unable to process both attack requests and legitimate user requests, causing website delays, timeouts, and complete connectivity failure.
As the size, sophistication, and frequency of DDoS attacks are rising, Cloudflare recorded a 79% increase in HTTP DDoS attacks in the last quarter of 2022. This trend is confirmed by the 87% increase in volumetric attacks lasting more than three hours when compared to the previous quarter.
During the period, the major industries targeted by HTTP DDoS attacks included aviation, education, gaming, hospitality, and telecom. The top countries under attack were Georgia, Belize, and San Marino. Meanwhile, network-layer DDoS attacks targeted China, Lithuania, Finland, Singapore, Taiwan, Belgium, Costa Rica, the U.A.E, South Korea, and Turkey.
