Cloudflare says it sees the largest DDoS attack of 71 million requests per second

Cloudflare says it repelled the largest HTTP DDoS attack the company has ever seen over the weekend. It would be an HTTP/2 attack that at its peak exceeded 71 million requests per second. This made the attack more than a third larger than the previous record.

Cloudflare writes that it repelled several DDoS attacks for customers over the past weekend. This concerns several dozen attacks, the majority of which fired between 50 and 70 million requests per second. In the most serious case, one of the attacks amounted to 71 million rps. During the previous largest attack ever detected by Cloudflare, 46 million rps were fired towards targets. That happened in June of 2022. Google also struck in August such a big attack.

Cloudflare does not provide many details about the attack, but according to the company it concerns HTTP/2 attacks in which the requests came from 30,000 different IP addresses. The attacks took place on various websites of game providers, cryptocurrency companies, hosting providers and cloud platforms. According to Cloudflare, the botnets were controlled from ‘many cloud providers’, although the company did not provide further details.

The attack is said to be unrelated to recent attacks last week on hospitals and other healthcare facilities. The attackers would use other methods for this. Cloudflare also says that the attack has nothing to do with the Superbowl, which took place in America this weekend.

Experts have been seeing an increase in not only the number of DDoS attacks for years, but also their sizes. These are becoming larger, among other things, because botnets are being set up more professionally, so that they can better scan for IoT devices that are being used for an attack. Cloudflare says DDoS attacks are becoming more common as an extortion method. According to the company, this would have increased in the last quarter of 2022. Experts have been warning for years about DDoS attacks that are used as an alternative to ransomware, but due to their often short duration and better defense methods against DDoS attacks, this is less common in practice than system encryption or data theft.