DDoS (Distributed Denial of Service) attacks are extremely destructive and alarming since they flood a target’s web services with overwhelming traffic.
This can disrupt or even completely disable:-
- Websites
- Servers
- Networks
This can cause significant financial losses, damage to reputation, and potential security vulnerabilities.
Recently, cybersecurity analysts at Cloudflare observed the DDoS attack of 201 million HTTP requests per second.
Peak DDOS Attack
With one of the world’s largest networks, Cloudflare handles vast data, serving 64 million HTTP requests per second and 2.3 billion DNS queries daily.
Cloudflare prevents 140 billion cyber threats daily, offering valuable insights into DDoS trends.
Lately, there’s been a rise in DDoS attacks against:-
- Israeli media sites
- Israeli financial sites
- Israeli government sites
- Palestinian websites
HTTP DDoS attacks target web properties, including mobile apps and e-commerce sites, exploiting HTTP/2 for better performance, which can aid botnets.
From late August 2023, Cloudflare and others faced a relentless DDoS campaign, exploiting the CVE-2023-44487 HTTP/2 Rapid Reset vulnerability.
These attacks reached millions of requests per second, averaging 30M rps, with some hitting 201M rps.
Cloud-based botnets using HTTP/2 deliver 5,000 times more power per node, enabling hyper-volumetric DDoS attacks with small 5-20K node botnets, far surpassing previous IoT botnets with millions of nodes, reads the report.
Over two months, the following percentage of attacks were performed:-
- 19% of attacks hit Cloudflare infrastructure
- 18% targeted gaming companies
- 10% went after recognized VoIP providers
The attack campaign caused a 65% QoQ increase in HTTP DDoS attacks, totaling 8.9 trillion requests mitigated by Cloudflare. L3/4 attacks also increased by 14%, driven by large volumetric attacks, with the largest reaching 2.6 Tbps, launched by a variant of Mirai botnet.
Top HTTP DDoS Attack Sources
Here below, we have mentioned all the top HTTP DDoS attack sources:-
- United States with 15.78%
- China with 12.62%
- Brazil with 8.74%
- Germany with 7.52%
- Indonesia with 5.36%
- Argentina, with 3.04%
- Russian Federation with 2.73%
- India with 2.48%
- Egypt with 2.33%
- Netherlands with 2.26%
Top Attacked Industries
Here below, we have mentioned all the top attacked industries:-
- Gaming & Gambling with 5.41%
- Information Technology and Internet with 4.38%
- Cryptocurrency with 3.43%
- Computer Software with 2.16%
- Telecommunications with 1.58%
- Marketing & Advertising with 1.43%
- Retail with 1.36%
- BFSI with 0.33%
- Hospitality with 0.20%
- Online Media with 0.18%
Cloudflare users with HTTP reverse proxy (CDN/WAF) are shielded from HTTP DDoS attacks. Others, including non-HTTP users and those not using Cloudflare, should adopt automated HTTP DDoS protection.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.