BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

InfoQ Dev Summit Boston

Discover transformative insights to level up your software development decisions. Register now with early bird tickets.
InfoQ Dev Summit Munich

Get practical advice from senior developers to navigate your current dev challenges. Register now with early bird tickets.
QCon San Francisco

Level up your software skills by uncovering the emerging trends you should focus on. Register now.
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage News Cloudflare Detects a Record 71 Million Request-Per-Second DDoS Attack

DevOps

Cloudflare Detects a Record 71 Million Request-Per-Second DDoS Attack

Bookmarks

Feb 28, 2023 2 min read

InfoQ Article Contest

Share your knowledge Win a ticket to a QCon event
or an InfoQ Dev SummitFind out more

On the weekend of 11th and 12th February, the USA-based NFL Super Bowl weekend, Cloudflare detected dozens of hyper-volumetrics DDoS attacks. These attacks peaked at 50-70 million requests per second (rps), with the highest at 71 million rps. This is the largest reported HTTP DDoS attack on record. This attack is 54% higher than the previous record registered in June 2022 with 46M rps.

                                  The peak of 71 million requests per second during the attack

The attacks were HTTP/2-based and originated from over 30000 IP addresses from numerous cloud providers. Cloudflare said it’s unlikely the attacks originated from the Killnet DDoS campaign that targets healthcare websites nor that is related to the US Super Bowl weekend.

The Distributed Denial of Service attack (DDoS) is a kind of cyber attack that aims to make the site unavailable for users. This kind of cyber attack is inexpensive for attackers and can be very efficient against unprotected websites.

                                  Schema to explain a DDoS attack

 

A DDoS attack is usually made with a flood of HTTP requests against the target website. An HTTP flood attack is a type of volumetric attack designed to overwhelm a target server with HTTP requests. With a sufficient amount of requests, the attacked website is unable to respond to normal traffic and the other requests become slow or out of service. To perform the attack, usually a large network of botnets is used: the attacker needs to orchestrate the botnet to bombard the attacked website. Creating this kind of botnet is not easy and requires a lot of investment and expertise, but an average user can pay about $30 per month to hire DDoS-as-a-service platforms.

The frequency and sophistication of DDoS attacks have been increasing over the months. Cloudflare reports an increase of 79% year-over-year in the amount of DDoS attacks. The number of volumetric attacks exceeding 100 Gbps grew by 67% quarter-over-quarter (QoQ) and by 87% QoQ of the attacks lasting more than three hours. The Ransom DDoS attacks increase as well through the year with a peak in November 2022.

                                  Ramson DDoS attacks and threats by quarter for 2021 and 2022

A possible explanation for this increase over the year is that it has become easier and cheaper to launch DDoS attacks. Unlike Ransomware attacks, which need a foothold such as an employee naively clicking an email with a malicious link that installs the malware and propagates it, DDoS attacks are more like hit-and-run attacks, where only the website address and/or the IP address are needed to perform the attack.

About the Author

Claudio Masolo

Show moreShow less

Rate this Article

Adoption
Style

This content is in the DevOps topic

Related Topics:
BT