DDoS attacks have only gotten more sophisticated as time goes on. An increasingly popular tactic among bad actors is to hit hard and fast in what are described as 'hypervolumetric' attacks. For instance, last October one ISP based in East Asia was pummeled by a botnet at a rate of 5.6 terabit per second.
According to Cloudflare's quarterly DDoS threat report, the incident on October 29 was the largest attack of its kind ever reported (via Bleeping Computer). The volley was launched from a Mirai-based botnet of 13,000 compromised devices, lobbing requests from about 5,500 unique IP addresses per second.
Breaking it down further, Cloudflare shared, "The average contribution of each IP address per second was around 1 Gbps (~0.012% of 5.6 Tbps)."
Despite the eye-watering rate of this barrage, the entire attack only lasted 80 seconds. Naturally Cloudflare took the opportunity to toot its own horn, sharing that the attack was autonomously mitigated by its distributed defense systems.
The company shared, "It required no human intervention, didn’t trigger any alerts, and didn’t cause any performance degradation. The systems worked as intended."
To briefly recap, DDoS stands for Distributed Denial of Service and describes a cyber attack launched from multiple sources with the aim of making a targeted web service or device unavailable for normal use. For one recent example, last year Final Fantasy 14 was the target of the largest scale DDoS attack the game had seen in a decade, resulting in hours-long login queues just for a start.
Cloudflare's latest DDoS threat report shares a smorgasbord of data that I'm now going to serve up charcuterie-style. For instance, did you know that during the last half of 2024, Indonesia remained the largest source of DDoS attacks?
The company also says they've seen an uptick in hypervolumetric DDoS attacks, with a sharp quarter on quarter spike through the winter of 2024. The company shared, "The amount of attacks exceeding 1 Tbps increased by 1,885% QoQ and attacks exceeding 100 Million pps (packets per second) increased by 175% QoQ."
That said, Cloudflare claims that most of the HTTP and network layer DDoS attacks the company observed lasted less than 10 minutes—hence the move towards automated protection. Cloudflare explains, "Because the duration of most attacks is so short, it is not feasible, in most cases, for a human to respond to an alert, analyze the traffic, and apply mitigation."
