
Cloudflare has revealed that it has managed to detect and mitigate dozens of hyper-volumetric DDoS attacks over the weekend of Feb. 11-12, including the largest reported HTTP DDoS attack on record.
Most of the DDoS attacks peaked at about 50 million to 70 million requests per second, with the largest exceeding 71 million rps. The largest attack was 35% higher than the previously reported HTTP DDoS record of 46 million rps in June 2022.
The attacks were HTTP/2-based and originated from over 30,000 IP addresses. Some of the targeted websites protected by Cloudflare included a popular gaming provider, cryptocurrency companies, hosting providers and cloud computing platforms.
The attacks originated from numerous cloud providers, with Cloudflare working with the unnamed providers to crack down on the botnet used in the DDoS attacks.
The motivation for the attacks at the weekend is unclear, with Cloudflare saying they were neither related to the Super Bowl nor to Killnet.
Cloudflare noted that there had been an increase in the size and sophistication of DDoS attacks over the last few months. The size of DDoS attacks has also been increasing every year. The record as of June 14 last year sat at 26 million rps before Google Cloud said in August said it had fended off a DDoS attack that peaked at 46 million rps also in June.
Cloudflare is offering a free botnet threat feed for cloud service providers. The feed gives providers threat intelligence about their own IP space and attack originating from within their autonomous systems.