Skip to main content
  1. Home
  2. Computing
  3. News

Google just thwarted the largest HTTPS DDoS attack in history

Zak Islam
By

Google has confirmed that one of its cloud customers was targeted with the largest HTTPS distributed denial-of-service (DDoS) attack ever reported.

As reported by Bleeping Computer, a Cloud Armor client was on the receiving end of an attack that totaled 46 million requests per second (RPS) at its peak.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

The aforementioned figure means it’s the largest such attack in history — it’s more than double the previous record holder (up by nearly 80%, to be exact); a 26 million RPS attempt blocked by Cloudflare during June.

Related

The latest incident commenced on June 1 with an initial goal of directing 10,000 RPS toward the HTTP/S Load Balancer. Within eight minutes, that number increased ten-fold to 100,000 RPS, triggering Google’s Cloud Armor Protection by creating an alert derived from traffic analysis data.

Recommended Videos

Once the ten-minute mark was reached, an unprecedented 46 million requests per second were being sent toward the victim.

These numbers may not mean much to those who aren’t familiar with the nature of HTTPS DDoS attacks, but for reference, Google stated that it was equal to receiving all daily requests Wikipedia receives in the span of 10 seconds.

With the target performing Cloud Armor’s recommended rule for this situation, its operations were able to continue without being affected.

A depiction of a hacker using a laptop.

The sheer amount of traffic that was being sent toward the cloud service lasted for more than an hour. “Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack,” Google said in its report.

Researchers from Google detailed that traffic from the HTTPS DDoS incident was delivered via 5,256 IP addresses situated across 132 countries. And it wasn’t carried out by an amateur; due to the use of encrypted requests (HTTPS), devices involved in the operation could theoretically have been backed by powerful computing resources.

As for the specific type of malware connected to the attack, Google was unable to identify an exact name. That said, analyzing where the onslaught emerged from indicates the involvement of Mēris, which is a botnet behind two previous DDoS record holders (17.2 million RPS and 21.8 million RPS, respectively).

Prior to Google’s report on the new record, the largest ​​HTTPS DDoS attack in history — achieved via a botnet of 5,067 devices — was recorded by DDoS mitigation company Cloudflare.

DDoS assaults in general are on the rise, with Cloudflare reporting a 175% increase in such incidents during the fourth quarter of 2021 alone. Microsoft itself managed to prevent the largest DDoS attack ever (not to be confused with HTTPS DDoS), which reached 3.47 terabits per second.

Editors' Recommendations

Topics
Zak Islam
Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Microsoft stopped the largest DDoS attack ever reported
Nvidia T4 Enterprise Server Wall

Distributed Denial-of-Service (DDoS) attacks have become more common, and Microsoft recently published a blog post looking into the trends for such attacks on its own servers. In that post, the company says that, at one point, it stopped one of the largest-ever-recorded DDoS attacks on a Microsoft Azure server in Asia.

According to Microsoft's data, in November, an unnamed Azure customer in Asia was targeted with a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps.) The attack came from 10,000 sources from multiple countries across the globe, including China, South Korea, Russia, Iran, and Taiwan. The attack itself lasted 15 minutes. Yet it is not the first one of such scale, as there were two additional attacks, one of 3.25 Tbps and another of 2.55 Tbps in December in Asia.

Read more
Cloudflare reports a massive 175% increase in DDoS attacks
Person using laptop with security graphics in front.

Cloudflare, a web infrastructure and security company, has just released a report titled "DDoS Attack Trends for Q4 2021." According to Cloudflare, 2021 has been a particularly bad year in terms of DDoS attacks.

Ransom distributed denial of service (DDoS) attacks increased by over 175 percent quarter over quarter, highlighting the large scale of the problem described by Cloudflare.

Read more
Analysis of internet-connected devices reveals millions are vulnerable to attack
A hand on a laptop in a dark surrounding.

For anyone involved in information security and combating the incredible breadth and depth of malware that's constantly aimed at stealing our most important information, it's not enough to simply know whether a given machine is compromised. Just as important is knowing which machines are vulnerable to attack.

That's precisely the objective of projects that scan the internet looking for unsecured systems. One such initiative is Shodan, a search engine that scans online systems and "cyber assets" looking for any with security flaws that could open them up for attack. Security company Trend Micro conducted its own analysis of Shodan data for February 2016 and summarized the findings on its Security and Intelligence blog, noting that literally millions of internet-connected devices are vulnerable, including many in the most sensitive industries.

Read more