Google Blocks the Biggest DDoS Attack Ever Launched in History
Written by: Sarwan Rahu, Journalist, AOPG.
If cybercriminals have attack tactics, then it seems that tech giants have the tactics to counter them. This is clearly visible in how Google successfully tackled what it calls the biggest DDoS attack ever launched in history.
The DDoS attack, which reportedly lasted 69 minutes, began by targeting a Google Cloud customer’s HTTP/S Load Balancer with 10,000 requests per second (RPS). According to Google, within two minutes the attack soared to 100,000 RPS before peaking at 46 million RPS.
“This is the largest Layer 7 DDoS reported to date—at least 76% larger than the previously reported record. To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds,” Satya Konduru, Technical Lead, Google Cloud, said in a statement.
Although the malware has yet to be identified, the geographic distribution and types of unsecured services used to generate the attack suggest that it presumably belonged to the Mēris family of attacks. Mēris is an IoT botnet that emerged in 2021 and is known for exploiting unsecured proxies to obscure the true origin of the attack.
Thanks to Google’s robust Cloud Armor Adaptive Protection, the traffic was detected and analysed before the malware could carry out its malicious intent. The Adaptive Protection model alerted the users to deploy the recommended security settings before the attack reached its climax. Put simply, the attack was thwarted at the edge of Google’s network, with the malicious requests blocked upstream from the customer’s application.
“Our customer’s network security team deployed the Google Cloud Armor-recommended rule into their security policy, and it immediately started blocking the attack traffic,” said Emil Kiner, Senior Product Manager, Cloud Armor.
Analysing the nature of the attack, Google further mentioned that 5,256 source IPs from 132 countries were exploited to execute the attack and that a technique termed “HTTP Pipelining” was used to scale up RPS, along with Tor exit nodes that generate a colossal amount of unwelcome traffic.
Considering the ingenuity and frequency of contemporary DDoS attacks, Google recommended that customers use a defence-in-depth strategy, deploying security protocols and measures at multiple layers across users’ environments and infrastructure to “protect your web applications and services from targeted web attacks.”