DDoS attackers shattered previous records with never-before-seen malicious activity during the third quarter. The 89 reported DDoS attacks bombarded Cloudflare’s servers with more than 100 million requests each second. The previous all-time high was below 71 million.
Cloudflare, one of the backbones of the modern internet, has seen a massive increase in the size of DDoS (distributed denial of service) attacks.
The largest attack peaked at 201 million requests per second, three times higher than the previous largest attack. A special name for these massive DDoS attacks has been created – they’re now known as “hyper-volumetric.”
“Cloudflare faced one of the most sophisticated and persistent DDoS attack campaigns in recorded history,” the company’s report reads.
That is still shy of Google’s mitigated largest DDoS attack ever, culminating at 398 million requests per second in August.
During the third quarter, HTTP, or application level, DDoS attack traffic increased by 65% compared to the previous quarter. Network and transport Layer (L3/L4) DDoS attacks also intensified by 14%.
The average attack rate of a “hyper-volumetric” DDoS attack was 30 million requests per second, and Cloudflare had to deal with thousands of them. Its systems automatically detected and mitigated most of the attacks.
Numerous attacks recorded a scale of terabit-per-second, with the largest reaching 2.6 Tbps.
Gaming and gambling companies experienced the highest volume of HTTP DDoS attack traffic, surpassing the Cryptocurrency industry from the previous quarter.
“In recent weeks, we've also observed a surge in DDoS attacks and other cyber attacks against Israeli newspaper and media websites, as well as financial institutions and government websites. Palestinian websites have also seen a significant increase in DDoS attacks,” Cloudflare noted and shared that hourly DDoS requests against Israel reach as high as 700 million requests per hour.
Increase is related to HTTP/2 Rapid Reset vulnerability
New large attacks exploit a novel HTTP/2 Rapid Reset vulnerability to disrupt websites and internet services.
Starting in late August 2023, Cloudflare and various other vendors were subject to sophisticated and persistent DDoS attack campaigns.
Malicious actors used cloud computing providers and virtual machines (VM) as a force multiplier. VM-based botnets, leveraging cloud computing platforms and exploiting HTTP/2, were able to generate significantly more force. Cloudflare estimates that each botnet node could generate up to 5,000 times more requests than the usual IoT-based botnets.
“19% of all attacks targeted Cloudflare websites and infrastructure. Another 18% targeted gaming companies, and 10% targeted well-known VoIP providers,” Cloudflare noted.
Most novel DDoS attacks originated from the United States, while the second largest traffic source was China. The US was also the most attacked country by application layer attacks, as almost 5% of the DDoS traffic targeted users here.
Chinese internet networks and services remained the most targeted by L3/4 DDoS attacks, with a 29% share.
Attackers mainly focused on flooding DNS servers, which serve as the phone book of the internet. 47% of DDoS attacks were DNS-based, with SYN flood attacks being the second largest (22%).
“Occasionally, DDoS attacks are carried out to extort ransom payments,” Cloudflare notes, and expects more seasonal attacks during November and December.
More from Cybernews:
Subscribe to our newsletter