Skip to main content

This huge DDoS attack was one of the longest ever recorded

An unprecedented distributed denial of service (DDoS) attack saw over 25.3 billion requests being sent to a target. Imperva, a cyber security software and services company, confirmed the attack.

As reported by Bleeping Computer, the firm’s systems defended the record-breaking attack when it occurred on June 27, 2022.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

The threat actors concentrated their efforts on a Chinese telecommunications service provider, which was subjected to an attack that reached 3.9 million requests per second (RPS), with an average of 1.8 million RPS.

Granted, the aforementioned figure doesn’t come remotely close to the largest HTTPS DDoS attack ever recorded (26 million RPS). However, the time span of how long the attack continued was specifically highlighted — this particular attack ended after four hours.

Comparatively, DDoS attempts that exceed the 1 million RPS mark generally end after seconds or several minutes. Imperva also mentioned in its report that around one in 10 DDoS attacks lasts for over an hour.

Due to the automated mitigation solution in place that blocks DDoS attacks in under three seconds, the attempt could have peaked at a much higher number than the 3.9 million figure.

As for the attack itself, it was carried out via a botnet system situated within 180 countries. IP addresses were predominantly based in the U.S., Brazil, and Indonesia. The botnet utilized a network of 170,000 devices that were breached, ranging from modem routers, smart security cameras, and servers. The latter was found to be hosted on public clouds and cloud security service providers.

“The attack started at 3.1M RPS and maintained a rate of around 3M RPS. Once the attack peaked at 3.9M RPS, the attack lowered for several minutes but returned to full strength for another hour,” Imperva said.

The hackers relied on HTTP/2 multiplexing in order to deliver various requests at once via individual connections. Imperva added that this technique is capable of shutting servers down with a limited amount of resources. It also stressed that these sorts of attacks are “extremely difficult to detect.”

DDoS attacks have increased in popularity in recent years. Cloudflare confirmed that this category has seen a 175% increase in incidents within the fourth quarter of 2021.

Google, meanwhile, managed to stop the largest HTTPS DDoS attack in history in August, with the company mitigating an attempt that peaked at 46 million RPS.

Editors' Recommendations

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Hackers just launched the largest HTTPS DDoS attack in history
A depiction of a hacker breaking into a system via the use of code.

The largest ​​HTTPS distributed denial-of-service (DDoS) attack in history materialized last week, Cloudflare has confirmed.

Cloudflare, which specializes in DDoS mitigation, announced that it successfully prevented the record-breaking onslaught before it could inflict any real damage.

Read more
Cloudflare just stopped one of the largest DDoS attacks ever
Hands on a laptop.

Cloudflare, a company that specializes in web security and distributed denial of service (DDoS) attack mitigation, just reported that it managed to stop an attack of an unprecedented scale.

The HTTPS DDoS attack was one of the largest such attacks ever recorded, and it came from unusual sources -- data centers.

Read more
Microsoft stopped the largest DDoS attack ever reported
Nvidia T4 Enterprise Server Wall

Distributed Denial-of-Service (DDoS) attacks have become more common, and Microsoft recently published a blog post looking into the trends for such attacks on its own servers. In that post, the company says that, at one point, it stopped one of the largest-ever-recorded DDoS attacks on a Microsoft Azure server in Asia.

According to Microsoft's data, in November, an unnamed Azure customer in Asia was targeted with a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps.) The attack came from 10,000 sources from multiple countries across the globe, including China, South Korea, Russia, Iran, and Taiwan. The attack itself lasted 15 minutes. Yet it is not the first one of such scale, as there were two additional attacks, one of 3.25 Tbps and another of 2.55 Tbps in December in Asia.

Read more