Cloudflare, the global content delivery network and web security company, is reporting a surge in hyper-volumetric HTTP DDoS attacks.
These attacks are incredibly powerful and can overwhelm even the most well-defended websites and servers.
A Cloudflare report shared with BleepingComputer reveals that, during Q3 2023, the internet company mitigated thousands of hypervolumetric HTTP DDoS attacks.
Over 89 of these attacks exceeded 100 million requests per second (rps), and the largest one peaked at 201 million rps, three times larger than the previous record, which occurred in February 2023.
These attacks are made possible by exploiting a new technique named ‘HTTP/2 Rapid Reset,’ which threat actors have leveraged as a zero-day since August 2023.
The company says HTTP/2 Rapid Reset attacks have been employing VM-based botnets sized between 5-20 thousand nodes instead of millions of weak IoTs, able to deliver a much more significant punch per node.
Overall, Cloudflare reports a 65% rise in the aggregated volume of HTTP DDoS attack traffic in the last quarter and an increase of 14% in L3/L4 DDoS attacks.
The attacks are targeting a wide range of industries, including cryptocurrency, gaming, and marketing. Cloudflare says that it is seeing a particularly high number of attacks targeting cryptocurrency websites.
The company is urging its customers to take steps to protect themselves from these attacks, such as using a web application firewall (WAF) and a DDoS mitigation service.
