Google successfully thwarted the largest-ever HTTPS-based distributed denial-of-service (DDoS) attack, which peaked at an astonishing 46 million requests per second in June. The attack was aimed at a Google customer's internet services hosted on Google Cloud. The company reported that the intensity of the attack was almost 76% greater than the DDoS attack that Cloudflare stopped earlier this year.
According to the tech giant, distributed denial-of-service (DDoS) attacks flood target websites with unwanted traffic, making it impossible for website owners to do any business or repairs on the target website. The company and global security researchers are warning that such flooding attacks are getting worse and are happening more frequently than ever.
Google shares the incident report for the DDoS attack
According to Google, the attack began around 09:45 PT (16:45 UTC), wherein the attackers sent over 10,000 requests per second (RPS) to one of its customers’ HTTP(S) Load Balancers. The intensity of the attack increased to 100,000 RPS in the next eight minutes, followed by an astonishing peak of 46 million RPS.
Google’s Cloud Armor Adaptive Protection service sensed the attack. It generated an alert with a rule that blocks fraudulent signatures on networks, and the DDoS attack slowly dwindled, lasting until 10:54 PT (17:54 UTC), according to Kiner and Konduru.
After the Cloud Armor Adaptive Protection intervention, the attackers, who at this point had spent a lot of money and resources on the attack, might have sensed that they could not impact the systems as they had in the initial phase of the attack. Thus, they retreated from further attacks, making Google Cloud safe again.
Spike in recent DDoS attacks
Kiner and Konduru shared more insights about the DDoS attack and said the geo-distribution and the types of devices used in the attack resemble the patterns used in the “Meris family of assaults.” In the attack on Google's customer, 5,256 source IPs from 132 countries were involved, similar to some previous DDoS attempts made between 2021 and 2022.
Additionally, the attack on June 1 used HTTPS requests rather than HTTP. Such attacks are more expensive than standard HTTP attacks, as they require more computing power to create secure TLS connections. The researchers also claimed that Tor’s participation in the attack was only incidental due to the nature of the vulnerable services. They wrote, “our analysis shows that Tor exit-nodes can send significant unwanted traffic to web applications and services even at 3 percent of the peak (greater than 1.3 million RPS).”