During the weekend of Feb. 11-12, 2023, content delivery network provider Cloudflare detected and mitigated an unusually high number of hyper-volumetric DDoS attacks. It did not disclose the targets but mentioned some of the attacked websites. These included a gaming provider, hosting providers, cloud computing platforms, and cryptocurrency companies.
The attack ranged between 50 to 70 million requests per second (rps) and peaked at 71 million rps. That is the largest reported HTTP DDoS attack, surpassing the 46 rps recorded in June 2022.
What Is a DDoS Attack?
Short for Distributed Denial-of-Service, this is a malicious attempt by a third party to disrupt a server or network by overwhelming it with internet traffic.
Perpetrators need multiple sources of traffic to achieve this. A common tactic is to infect
several machines with malware. They exploit these systems to divert traffic to their target.
Most users do not even realize their computer or smartphone is infected and used for this
purpose.
The amount of traffic sent to a website can clog the network and make it unavailable to
customers. Not only could this disrupt business operations, but it could also lead to a loss of revenue and angry customers.
Where the Attack Came From
Cloudflare detected that the traffic source was coming from several cloud providers. They
worked together to stop the connection and prevent it from achieving its goal.
Damian Mensher, a security reliability engineer from Google, confirmed that Google Cloud
was among those affected providers. He said, “Thanks Cloudflare for your partnership in
getting the infrastructure dismantled.”
Cloudflare does not believe that the attack was related to the recent health care website
ransomware attacks or the Super Bowl.
How to Protect Against DDoS Attacks
Many organizations rely on their websites to connect with their customers. Whether it is
gathering messages or taking orders, these are crucial parts of the operations. To prevent a
DDoS attack, companies can:
1. Fortify network architecture
2. Reduce attack surface exposure by using a CDN
3. Have early detection systems in place
4. Understand warning signs
5. Have a comprehensive security solution
Prevention is always better than cure. And with the rise of malicious attacks, cybersecurity is a smart investment for organizations.