"Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing"

The cybersecurity company Imperva announced that on June 27, 2022, it mitigated a Distributed Denial-of-Service (DDoS) attack with over 25.3 billion requests. The powerful attack, which was launched against an unnamed Chinese telecommunications company, is said to have lasted four hours and peaked at 3.9 million requests per second. According to Imperva, attackers used HTTP/2 multiplexing, or combined multiple packets into one, to send multiple requests over individual connections simultaneously. The attack was launched from a botnet made up of nearly 170,000 different IP addresses spread across routers, security cameras, and compromised servers in over 180 countries, primarily the US, Indonesia, and Brazil. This disclosure follows Akamai's mitigation of a DDoS attack aimed at a customer in Eastern Europe, with attack traffic peaking at 704.8 million packets per second. On July 21, 2022, the same victim was previously targeted in a similar manner, with the attack volume ramping up to 853.7 gigabits per second (Gbps) and 659.6 million packets per second over a 14-hour period. This article continues to discuss the Imperva's mitigation of record DDoS attack and other recently defeated DDoS attacks. 

THN reports "Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing"