Dozens of companies over the weekend were hit by distributed denial-of-service (DDoS) attacks, including the largest one yet recorded, or so Cloudflare says.
That record-breaking HTTP/2-based DDoS tsunami soared to more than 71 million requests-per-second, more than the previous record of 46 million rps blocked by Google in June 2022. It’s just record after record being broken, huh. Most of the other network flooding over the weekend peaked at between 50 million and 70 million rps.
The attacks, according to Cloudflare, originated from more than 30,000 IP addresses and targeted such businesses as gaming providers, hosting providers, cloud computing platforms, and cryptocurrency companies.
They also continued a growing trend of network traffic originating from cloud providers rather than residential ISPs, the more typical source for DDoS attackers, who tend to roll IoT devices and home gateways into botnets.
“Over the past year, we’ve seen more attacks originate from cloud computing providers,” Cloudflare researchers wrote in a report, adding that the network traffic used in the attacks over the weekend came from “numerous cloud providers.”
Given the increasing number of DDoS attacks coming from cloud providers, Cloudflare is trialing – what convenient timing – a free botnet threat feed to monitor attacks. Those interested can sign up here to join the early access waiting list.
Script kiddies going for pay-to-play, for us all
HTTP DDoS attacks overwhelm websites with bogus traffic, and they’re efficient and inexpensive for miscreants to run.
The larger the botnet, the larger an attack can be. And DDoS-as-a-service platforms make it even easier and cheaper for cybercriminals to launch an attack, removing the time and cost of building a botnet by offering the platform for as little as $30 a month, Cloudflare said.
DDoS attacks are also increasingly lucrative, with crooks demanding payment from victims in return for shutting off the flood of traffic. According to Cloudflare, in the fourth quarter of 2022, 16 percent of victims said they were targeted by ransom DDoS attacks, compared with 10 percent in Q1 2022.
Cloudflare said the weekend incidents from unknown attackers were unrelated to the high-profile DDoS attacks against US hospitals and health clinics by KillNet. The Russian-linked threat group claimed credit for attacks against healthcare facilities at such organizations as the University of Michigan, Stanford University, Duke University, and Cedars-Sinai.
The US Department of Health and Human Services issued an advisory [PDF] about the threat posed by KillNet and its attacks on healthcare institutions.
While ransomware gets a large share of the headlines, the web performance and security vendor said organizations shouldn’t sleep on the DDoS threat. The size, sophistication, and frequency of attacks have grown in recent months.
In Q4 2022, the number of HTTP DDoS attacks grew 79 percent year-over-year and the number of volumetric attacks of more than 100 Gb/s jumped 67 percent quarter-over-quarter, according to a Cloudflare report. The number of attacks lasting more than three hours increased 87 percent quarter-over-quarter.
The massive DDoS attack Google blocked in June was one of several such record-breaking attacks. The same month, Cloudflare stopped an incident that generated 26 million rps, which was more than the then-record of 15.3 million rps that Cloudflare addressed in April 2022. ®