Skip to main content
  1. Home
  2. Computing
  3. News

Google just thwarted the largest HTTPS DDoS attack in history

Add as a preferred source on Google

Google has confirmed that one of its cloud customers was targeted with the largest HTTPS distributed denial-of-service (DDoS) attack ever reported.

As reported by Bleeping Computer, a Cloud Armor client was on the receiving end of an attack that totaled 46 million requests per second (RPS) at its peak.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

The aforementioned figure means it’s the largest such attack in history — it’s more than double the previous record holder (up by nearly 80%, to be exact); a 26 million RPS attempt blocked by Cloudflare during June.

Recommended Videos

The latest incident commenced on June 1 with an initial goal of directing 10,000 RPS toward the HTTP/S Load Balancer. Within eight minutes, that number increased ten-fold to 100,000 RPS, triggering Google’s Cloud Armor Protection by creating an alert derived from traffic analysis data.

Once the ten-minute mark was reached, an unprecedented 46 million requests per second were being sent toward the victim.

These numbers may not mean much to those who aren’t familiar with the nature of HTTPS DDoS attacks, but for reference, Google stated that it was equal to receiving all daily requests Wikipedia receives in the span of 10 seconds.

With the target performing Cloud Armor’s recommended rule for this situation, its operations were able to continue without being affected.

A depiction of a hacker using a laptop.
Image used with permission by copyright holder

The sheer amount of traffic that was being sent toward the cloud service lasted for more than an hour. “Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack,” Google said in its report.

Researchers from Google detailed that traffic from the HTTPS DDoS incident was delivered via 5,256 IP addresses situated across 132 countries. And it wasn’t carried out by an amateur; due to the use of encrypted requests (HTTPS), devices involved in the operation could theoretically have been backed by powerful computing resources.

As for the specific type of malware connected to the attack, Google was unable to identify an exact name. That said, analyzing where the onslaught emerged from indicates the involvement of Mēris, which is a botnet behind two previous DDoS record holders (17.2 million RPS and 21.8 million RPS, respectively).

Prior to Google’s report on the new record, the largest ​​HTTPS DDoS attack in history — achieved via a botnet of 5,067 devices — was recorded by DDoS mitigation company Cloudflare.

DDoS assaults in general are on the rise, with Cloudflare reporting a 175% increase in such incidents during the fourth quarter of 2021 alone. Microsoft itself managed to prevent the largest DDoS attack ever (not to be confused with HTTPS DDoS), which reached 3.47 terabits per second.

Zak Islam
Former Contributor
Zak covers the latest news in the technology world, particularly the computing field. A fan of anything pertaining to tech…
South Korea wants to give every citizen free, unlimited access to its own AI chatbot
The government-backed service could turn generative AI into public infrastructure instead of another monthly subscription
Electronics, Mobile Phone, Phone

South Korea wants to give every citizen free access to an AI chatbot with no usage limits. That puts the technology closer to a public utility than another premium service demanding a monthly subscription.

The Ministry of Science and ICT announced the AI for Everyone project on July 13. Private companies will build the platform around locally developed models, while a separate AI agent will help people navigate government services. It’s a more practical job than generating emails or settling arguments nobody wanted to research themselves.

Read more
Falling in love with a chatbot is now off limits for kids in China
The crackdown targets emotional AI relationships as regulators worry about the country's record low birthrate.
Replika AI companion app on an iPhone in hand

Ever since AI chatbots arrived on the scene, there has been one aspect that has worried lawmakers and experts a lot: humans forming emotional connections with chatbots. There have been plenty of cases where over-reliance on these AI companions or partners has resulted in medical emergencies, lost lives, and triggered multiple lawsuits against the likes of OpenAI and Meta.

China cracks down on AI companion apps

Read more
Russian hackers keep finding their way into critical networks through neglected routers
A multinational warning says outdated firmware, weak passwords, and insecure settings are giving state-backed attackers an easy opening
A Wi-Fi router next to a laptop.

Russian state-backed hackers have spent more than a decade exploiting a stubborn weakness in critical infrastructure networks. Organizations are still leaving poorly configured and outdated routers exposed to the internet.

In a joint cybersecurity advisory, the NSA, CISA, FBI, and international partners warn that hackers linked to Center 16 of Russia’s Federal Security Service are continuing to target vulnerable networking equipment. Energy, healthcare, and government networks are among the sectors facing the highest risk.

Read more