Google announced that it has successfully mitigated a massive HTTPS-based distributed denial-of-service (DDoS) attack that peaked at 46 million requests per second. This attack is the largest Layer 7 DDoS reported to date, 76% larger than the previously reported record.
The attack occurred on June 1, 2022 at 9:45am Pacific time, and lasted 69 minutes.
Google reports that the attack was the equivalent of receiving all the daily requests to Wikipedia in just 10 seconds.
To repel the attack, the Google Cloud customer used Google Cloud Armor, an adaptive web application firewall. It uses machine learning (ML) to detect and alert on anomalous activity, generate signatures of potential attacks, and deploy a custom policy to block the attack signature.
Cloud Armor alerted the customer with a recommended protective rule, which was then deployed before the DDoS attack peaked at 46 million requests per second. As a result, the customer’s service stayed online and there was no disruption to legitimate users.
In analyzing the attack, Google discovered that it came from 5,256 source IPs in 132 countries. Approximately 22% of the source IPs corresponded to Tor exit nodes. Google also reports that the geographic distribution and the services leveraged in the attack match the Mēris attack. This method abuses unsecured proxies to obfuscate the true origin of the attacks.
For more analysis on this cyberattack, check out the official Google Cloud blog post.