Saturday, February 8, 2025
HomeCyber Security NewsRecord-Breaking DDoS Attack - Over 71 Million RPS

Record-Breaking DDoS Attack – Over 71 Million RPS

Published on

SIEM as a Service

Follow Us on Google News

DDos is a malicious attempt to disturb the legitimate packets reaching the network equipment and services.

When the DDoS attack is in place, organizations may experience an outage with one or more services, as the attacker looted their resources with HTTP requests and traffic.

Record-Breaking DDoS Attack

The fourth and final quarter of 2022 insights shows that HTTP DDoS attacks increased by over 79% YoY and primarily targeted Aviation, Aerospace Gaming/Gambling, and Finance industries.

Also, the number of attacks lasting more than three hours increased by 87%, reads the Cloudflare recent report.

Over this weekend, Cloudflare observed and mitigated an HTTP/2-based DDoS attack that exceeded 71 million rps targeting a website protected by Cloudflare.

DDoS Graph @Cloudflare

The attacks originated from over 30,000 IP addresses and their targeted websites are gaming providers, cryptocurrency companies, hosting providers, and cloud computing platforms.

“Over the past year, we’ve seen more attacks originate from cloud computing providers,” reads Cloudflare’s statement.

Cloudflare working with the Cloud providers to crack down on the botnet that launches this record-breaking attack.

Breaking Down Time to Mitigation

Mitigation time is defined as the period from when the first DDoS attack packet hits your system to when your mitigation provider begins scrubbing incoming traffic.

The time taken to execute is Based on the organization size to implement the following mitigation steps.

Detection – The speed with which a mitigation service notices that a DDoS attack is taking place.
Sampling – The time taken to analyze traffic flows and create directives for scrubbing.
Scrubbing – The ongoing process of filtering out malicious traffic, based on patterns identified during the sampling process.

DDoS mitigation is time-sensitive. When organizations are defending their assets from this attack, it’s necessary to discover and remove the threat early. 

As cybersecurity experts know, with every minute that passes amid a DDoS attack, the mitigation gets more difficult and the company has to suffer greater financial damage.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...