Cloudflare Observed The Peak DDOS Attack of 201 Million HTTP Requests Per Second 

DDoS (Distributed Denial of Service) attacks are extremely destructive and alarming since they flood a target’s web services with overwhelming traffic.

This can disrupt or even completely disable:-

  • Websites
  • Servers
  • Networks

This can cause significant financial losses, damage to reputation, and potential security vulnerabilities.

Recently, cybersecurity analysts at Cloudflare observed the DDoS attack of 201 million HTTP requests per second. 

Peak DDOS Attack

With one of the world’s largest networks, Cloudflare handles vast data, serving 64 million HTTP requests per second and 2.3 billion DNS queries daily. 

Cloudflare prevents 140 billion cyber threats daily, offering valuable insights into DDoS trends. 

Attacks against Israeli websites using Cloudflare
Attacks against Israeli websites using Cloudflare (Source – Cloudflare)

Lately, there’s been a rise in DDoS attacks against:-

  • Israeli media sites
  • Israeli financial sites
  • Israeli government sites
  • Palestinian websites

HTTP DDoS attacks target web properties, including mobile apps and e-commerce sites, exploiting HTTP/2 for better performance, which can aid botnets.

An HTTP DDoS attack Cloudflare
An HTTP DDoS attack Cloudflare (Source – Cloudflare)

From late August 2023, Cloudflare and others faced a relentless DDoS campaign, exploiting the CVE-2023-44487 HTTP/2 Rapid Reset vulnerability. 

These attacks reached millions of requests per second, averaging 30M rps, with some hitting 201M rps.

Cloud-based botnets using HTTP/2 deliver 5,000 times more power per node, enabling hyper-volumetric DDoS attacks with small 5-20K node botnets, far surpassing previous IoT botnets with millions of nodes, reads the report.

Over two months, the following percentage of attacks were performed:-

  • 19% of attacks hit Cloudflare infrastructure
  • 18% targeted gaming companies
  • 10% went after recognized VoIP providers

The attack campaign caused a 65% QoQ increase in HTTP DDoS attacks, totaling 8.9 trillion requests mitigated by Cloudflare. L3/4 attacks also increased by 14%, driven by large volumetric attacks, with the largest reaching 2.6 Tbps, launched by a variant of Mirai botnet.

Top HTTP DDoS Attack Sources

Here below, we have mentioned all the top HTTP DDoS attack sources:-

  • United States with 15.78%
  • China with 12.62%
  • Brazil with 8.74%
  • Germany with 7.52%
  • Indonesia with 5.36%
  • Argentina, with 3.04%
  • Russian Federation with 2.73%
  • India with 2.48%
  • Egypt with 2.33%
  • Netherlands with 2.26%

Top Attacked Industries

Here below, we have mentioned all the top attacked industries:-

  • Gaming & Gambling with 5.41%
  • Information Technology and Internet with 4.38%
  • Cryptocurrency with 3.43%
  • Computer Software with 2.16%
  • Telecommunications with 1.58%
  • Marketing & Advertising with 1.43%
  • Retail with 1.36%
  • BFSI with 0.33%
  • Hospitality with 0.20%
  • Online Media with 0.18%

Cloudflare users with HTTP reverse proxy (CDN/WAF) are shielded from HTTP DDoS attacks. Others, including non-HTTP users and those not using Cloudflare, should adopt automated HTTP DDoS protection.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.