Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack

Over the weekend, numerous record-breaking HTTP/2-based DDoS attacks were detected and mitigated by Cloudflare. The largest attack exceeded 71 million requests per second (rps), making it the highest reported HTTP DDoS attack on record, significantly surpassing the previous peak of 46M rps from June 2022. These attacks originated from over 30,000 IP addresses and targeted websites protected by Cloudflare. The affected sites included popular gaming providers, cryptocurrency companies, hosting providers, and cloud computing platforms. As more DDoS attacks emerge from cloud computing providers, Cloudflare plans to provide a free Botnet threat feed for service providers that own their autonomous system. This feed will offer IP space-specific threat intelligence on attacks. The frequency, sophistication, and size of DDoS attacks have been increasing, with HTTP DDoS attack numbers rising by 79% year over year. In November 2022, one out of every four surveyed customers faced Ransom DDoS attacks or threats. To defend against these attacks, organizations should ensure proper settings for managed rules and consider enabling adaptive DDoS protection, deploying firewall rules and rate limiting rules, utilizing Bot Management threat scores in firewall rules, and enabling alert systems.