This huge DDoS attack was one of the longest ever recorded

An unprecedented distributed denial of service (DDoS) attack saw over 25.3 billion requests being sent to a target. Imperva, a cyber security software and services company, confirmed the attack.

As reported by Bleeping Computer, the firm’s systems defended against the record-breaking attack when it occurred on June 27, 2022.

The threat actors concentrated their efforts on a Chinese telecommunications service provider, which was subjected to an attack that reached 3.9 million requests per second (RPS), with an average of 1.8 million RPS.

Granted, the aforementioned figure doesn’t come remotely close to the largest HTTPS DDoS attack ever recorded (26 million RPS). However, the duration of the attack was specifically highlighted: this particular attack ended after four hours.

By comparison, DDoS attempts that exceed the 1 million RPS mark generally end after seconds or several minutes. Imperva also mentioned in its report that around one in 10 DDoS attacks lasts for over an hour.

Because the automated mitigation solution in place blocks DDoS attacks in under three seconds, the attempt could have peaked at a much higher number than the 3.9 million figure.

As for the attack itself, it was carried out via a botnet spread across 180 countries. IP addresses were predominantly based in the U.S., Brazil, and Indonesia. The botnet utilized a network of 170,000 breached devices, including modem routers, smart security cameras, and servers. The servers were found to be hosted on public clouds and cloud security service providers.

“The attack started at 3.1M RPS and maintained a rate of around 3M RPS. Once the attack peaked at 3.9M RPS, the attack lowered for several minutes but returned to full strength for another hour,” Imperva said.

The hackers relied on HTTP/2 multiplexing to send multiple requests at once over individual connections. Imperva added that this technique is capable of shutting servers down with a limited amount of resources. It also stressed that these sorts of attacks are “extremely difficult to detect.”

DDoS attacks have increased in popularity in recent years. Cloudflare confirmed that this category saw a 175% increase in incidents in the fourth quarter of 2021.

Google, meanwhile, managed to stop the largest HTTPS DDoS attack in history in August, with the company mitigating an attempt that peaked at 46 million RPS.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…