Insights into a 3.5Million Request per Second Web DDoS Attack on a Leading European Bank

In the realm of cybersecurity, vigilance is paramount, as evidenced by a recent incident involving a prominent European bank hit by a Web DDoS attack. A Web DDoS Tsunami attack is an extreme form of HTTPS DDoS Flood designed to overwhelm and outmaneuver standard protections. This bank found itself on a morning that started like any other, in a record-breaking Web DDoS attack. Let us delve into the different stages of this attack.

Escalation of Complexity
As the day progressed, the attack evolved, becoming more sophisticated and with higher volume. The intensity increased exponentially, with the rate of requests surging from around 1,000, and later 500K per second, then to a staggering 1,000,000 requests per second (Figure 1). It was evident that the assailants were determined to breach the bank’s defenses by any means necessary.

The Initial Onslaught
On the morning of March 1st, the bank found itself under unexpected fire. The attack targeted the trade platform, bombarding it with bursts of requests reaching 140,000 requests per second. This initial assault was the first indication of the severity of the threat.


Figure1: The intensity increased exponentially, with the rate of requests surging from around 1k and later 5k to a staggering 1M per second.

Strategic Bursts
In the afternoon, the attackers employed a strategic tactic, launching short bursts of activity aimed at overwhelming the system. These bursts (Figure 2), ranging from 250K to 500K requests per second, were designed to exhaust resources. Despite their brevity, these attacks had a significant impact, contributing to a total of nearly 200 million requests over a couple of hours.

Figure 2

Figure 2: The bank was hit with bursts ranging from 250K to 500K requests per second.

The Apex of the Assault
The final phase of the attack saw the assailants unleash their most lethal weapon yet. With a highly sophisticated and coordinated effort, they bombarded the bank with a staggering 3.5 million requests per second (Figure 3). This relentless assault pushed the bank’s defenses to the brink, highlighting the magnitude of the threat posed by cyber adversaries.

Figure 3

Figure 3: The bank was bombarded with a staggering 3.5 million requests per second.

Ongoing Defense
Despite the initial onslaught, the bank remains under constant attack, a testament to the relentless nature of Web DDoS attacks. In the span of seven hours, the company weathered a total of 3 billion requests. Underscoring the severity of the situation would be to imagine that half of the population on earth accessing the same website in a span of several hours. This is what 3 billion requests looks like.

However, the company’s dedicated cybersecurity team continued to work tirelessly to fortify defenses and mitigate future risks.

In conclusion, the attack on this bank serves as a sobering reminder of the ever-present threat posed by DDoS attacks. By understanding the various phases of the attack and implementing robust defense strategies, organizations can better prepare themselves to withstand and combat such threats effectively.

Eva Abergel

Eva is a Product Marketing Manager in Radware’s network security group. Her domain of expertise is data center protection, where she leads positioning, messaging and product launches. Prior to joining Radware, Eva led a Product Marketing and Sales Enablement team at Elmo Motion Control - a global robotics company - and worked as an engineer at Intel. Eva holds a B.Sc. degree in Mechatronics Engineering from Ariel University and an Entrepreneurship Development certificate from the York Entrepreneurship Development Institute of Canada.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center