On the weekend of 11 and 12 February, the Super Bowl weekend, CloudFlare detected dozens of hyper-volumetrics DDoS attacks. These attacks peaked at 50-70 million requests per second (rps), with the highest at 71 million rps. This is the largest reported HTTP DDoS attack on record. This attack is 54% higher than the previous record registered in June 2022 with 46M rps.

                                  The peak of 71 million requests per second during the attack

The attacks were HTTP/2-based and originated from over 30.000 IP addresses from numerous cloud providers. CloudFlare said it’s unlikely the attacks originated from the Killnet DDoS campaign that targets healthcare websites nor that is related to the US Super Bowl weekend.

The Distributed Denial of Service attack (DDoS) is a kind of cyber attack that aims to make the unavailable for the user the internet properties. This kind of cyber attack is very inexpensive for attackers and can be very efficient against unprotected websites.

                                  Schema to explain a DDoS attack

A DDoS attack is usually made with a flood of HTTP requests against the target website. An HTTP flood attack is a type of volumetric attack designed to overwhelm a target server with HTTP requests. With a sufficient amount of requests, the attacked website is unable to respond to normal traffic and the other requests become slow or out of service. To perform the attack, usually a large network of botnets is used: the attacker needs to orchestrate the botnet to bombard the attacked website. Creating this kind of botnet is not easy and requires a lot of investment and expertise, but an average user can pay about $30 per month to hire DDoS-as-a-service platforms.

The frequency and sophistication of DDoS attacks have been increasing over the months. CloudFlare reports an increase of 79% year-over-year in the amount of DDoS attacks. The number of volumetric attacks exceeding 100 Gbps grew by 67% quarter-over-quarter (QoQ) and by 87% QoQ of the attacks lasting more than three hours. The Ransom DDoS attacks increase as well through the year with a peak in November 2022.

                                  Ramson DDoS attacks and threats by quarter for 2021 and 2022

A possible explanation for this increase over the year is that it has become easier and cheaper to launch DDoS attacks. Unlike Ransomware attacks, those need a foothold like an employee naively clicking an email with a malicious link that installs the malware and propagates it. DDoS attacks are more like hit-and-run attacks, only the website address and/or the IP address are needed to perform the attack.