Content delivery network provider Cloudflare Inc. revealed today that it has managed to detect and mitigate dozens of “hyper-volumetric” distributed denial-of-service attacks over the weekend of Feb. 11-12, including the largest reported HTTP DDoS attack on record.

The majority of the DDoS attacks peaked at about 50 million to 70 million requests per second, with the largest exceeding 71 million rps (pictured). The largest attack was 35% higher than the previously reported HTTP DDoS record of 46 million rps in June 2022.

According to Cloudflare, the attacks were HTTP/2-based and originated from over 30,000 IP addresses. Some of the targeted websites protected by Cloudflare included a popular gaming provider, cryptocurrency companies, hosting providers and cloud computing platforms.

The attacks originated from numerous cloud providers, with Cloudflare working with the unnamed providers to crack down on the botnet used in the DDoS attacks. The company notes that it has seen more attacks originate from cloud computing providers over the last year.

In response to cloud computing providers being used as attack points, Cloudflare is offering a free botnet threat feed for service providers. The feed gives providers threat intelligence about their own IP space and attack originating from within their autonomous systems.

The motivation for the attacks at the weekend is unclear, with Cloudflare saying they were neither related to the Super Bowl nor to Killnet. A DDoS attack from the Russian Killnet hacking group targeted healthcare organizations earlier this month.

Cloudflare noted that there had been an increase in the size and sophistication of DDoS attacks over the last few months. In its fourth-quarter DDoS threat report released in January, Cloudflare found that the number of HTTP DDoS attacks increased 79% year-over-year and that the number of volumetric attacks exceeding 100 gigabits per second grew 67% quarter-over-year.

The size of DDoS attacks has also been increasing every year. The record as of June 14 last year sat at 26 million rps before Google Cloud said in August said it had fended off a DDoS attack that peaked at 46 million rps also in June. The number of Ransom DDoS attacks has also increased, with one in every four Cloudflare customers reporting to have been subject to a Ransom DDOS attack or threats.

Image: Cloudflare