Security News > 2022 > August > Google blocks largest HTTPS DDoS attack 'reported to date'
A Google Cloud Armor customer was hit with a distributed denial-of-service attack over the HTTPS protocol that reached 46 million requests per second, making it the largest ever recorded of its kind.
In just two minutes, the attack escalated from 100,000 RPS to a record-breaking 46 million RPS, almost 80% more than the previous record, an HTTPS DDoS of 26 million RPS that Cloudflare mitigated in June.
The attack started on the morning of June 1, at 09:45 Pacific Time, and targeted the victim's HTTP/S Load Balancer initially with just 10,000 RPS. In eight minutes, the attack intensified to 100,000 RPS and Google's Cloud Armor Protection kicked in by generating an alert and signatures based on certain data pulled from traffic analysis.
The malware behind the attack has yet to be determined but the geographic distribution of the services used points to a M?ris, a botnet responsible for DDoS attacks peaking at 17.2 million RPS and 21.8 million RPS, both record-breaking at their time.
Google researchers say that the attack traffic came from just 5,256 IP addresses spread in 132 countries and leveraged encrypted requests, indicating that the devices sending the requests have rather strong computing resources.
Last November, Microsoft's Azure DDoS protection platform mitigated a massive 3.47 terabits per second attack with a packet rate of 340 million packets per second for a custmer in Asia.
News URL
Related news
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Recently patched CUPS flaw can be used to amplify DDoS attacks (source)
- Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors (source)
- Largest Recorded DDoS Attack is 3.8 Tbps (source)
- New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (source)
- U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks (source)
- Samsung phone users under attack, Google warns (source)