Cloudflare blocked largest reported DDoS attack at 71M requests per second

Cloudflare reported a record number of hyper-volumetric DDoS attacks over the Feb. 11 weekend, detecting and mitigating more than a dozen attacks with an average of 50 million to 70 million requests per second.

The largest attack exceeded 71 million rps, which is the largest reported HTTP DDoS attack, according to Cloudlare's research. The volume is 35% higher than the previously reported record of 45 million rps from June 2022. Cloudflare detailed the attacks in a late Feb. 13 blog post.

The report follows a spate of DDoS attacks against critical infrastructure, including the ongoing massive Killnet campaign impacting at least 17 provider organizations. Industry leaders just yesterday warned the hacktivist group is already in the middle of a second round of attacks against the sector.

However, Cloudflare researchers do not believe the weekend’s surge of DDoS attacks are tied to the healthcare campaign, nor is it likely the attacks were tied to Sunday’s Super Bowl.

Threat actors have ramped up the size, sophistication, and frequency of DDoS attacks over the last several months. Cloudflare’s previous DDoS report showed the amount of HTTP-based DDoS attacks grew by 79% in the last year, and attacks with volumes exceeding 100 Gbps increased by 67% from the previous quarter. 

“But it doesn’t end there. The audacity of attackers has been increasing as well,” researchers wrote. Cloudflare also observed a steady increase of DDoS attacks with ransom demands throughout 2022 that peaked in November.

Cloudflare's crack down on the botnet

The latest round of attacks were HTTP/2-based and detected on websites protected by Cloudflare, including a gaming provider, cryptocurrency companies, hosting providers, and cloud computing platforms. The campaign originated from more than 30,000 IP addresses of multiple cloud providers.

Cloudflare has been working with the victims to “crack down on the botnet” and is offering service providers with a free botnet threat feed that will share threat intelligence from their IP and any ongoing attacks originating from their hosted autonomous system.

While DDos attacks against non-critical websites may not lead to permanent damage or safety risks, researchers warned entities should take action now before the next campaign: defending against DDoS attacks is critical for organizations of all sizes.” In healthcare, DDoS attacks against internet-facing devices and patient-connect tech pose a patient safety risk.

Websites, servers, and networks should use an automated detection and mitigation tool to reduce the impact of volumetric DDoS attacks. Researchers stressed that “while attacks may be initiated by humans, they are executed by bots — and to play to win, you must fight bots with bots.”

“Detection and mitigation must be automated as much as possible, because relying solely on humans to mitigate in real time puts defenders at a disadvantage,” they added. The Cloudflare post includes recommended measures to consider in preparation of the next DDoS wave, beginning with a basic verification that all access points are blocked from public exposure.

Healthcare organizations and other entities that could face safety risks with network outages should also review the Department of Health and Human Services Cybersecurity Coordination Center’s new threat alert on DDoS attacks to understand the risks and best practice security measures.