Monday, September 26

Google thwarts the biggest HTTPS DDoS attack in history | Digital Trends Spanish

Google has confirmed that one of its cloud clients was the target of the biggest attack of distributed denial of service (DDoS) HTTPS never reported.

As reported by Bleeping Computera Cloud Armor customer was on the receiving end of an attack that totaled 46 million requests per second (RPS) at its peak.

Getty Images

The aforementioned figure means that it is the largest such attack in history: it is more than double the previous record (up almost 80%, to be exact); a 26 million RPS attempt blocked by Cloudflare during June.

The latest incident began on June 1 with the initial goal of directing 10,000 RPS to the HTTP/S load balancer. Within eight minutes, that number increased tenfold to 100,000 RPS, triggering Google’s Cloud Armor Protection by creating a derived alert. of traffic analysis data.

Once the ten minute mark was reached, an unprecedented 46 million requests per second were sent towards the victim.

These numbers may not mean much to those unfamiliar with the nature of HTTPS DDoS attacks, but for reference, Google stated that it was equal to receiving all the daily requests Wikipedia receives in the span of 10 seconds.

With the goal of performing Cloud Armor’s recommended rule for this situation, their operations were able to continue unaffected.

A representation of a hacker using a laptop.

The large amount of traffic being sent to the cloud service lasted for over an hour. “Presumably, the attacker likely determined that he was not having the intended impact while incurring significant expense to execute the attack,” Google said in its report.

Google researchers detailed that the HTTPS DDoS incident traffic was delivered via 5,256 IP addresses located in 132 countries. And it wasn’t carried out by an amateur; Due to the use of encrypted requests (HTTPS), the devices involved in the operation could theoretically have been backed by powerful computing resources.

As for the specific type of malware connected to the attack, Google was unable to identify an exact name. That said, analyzing where the attack came from indicates the involvement of Mēris, which is a botnet behind two previous DDoS record holders (17.2 million RPS and 21.8 million RPS, respectively).

Before Google’s report on the new record, the largest HTTPS DDoS attack in history, achieved via a 5,067-device botnet, was recorded by DDoS mitigation company Cloudflare.

DDoS assaults in general are on the rise, with Cloudflare reporting a 175% increase in such incidents during Q4 2021 alone. Microsoft itself managed to prevent the largest DDoS attack in history (not to be confused with HTTPS DDoS), which reached the 3.47 terabits per second.

Publisher Recommendations