Google has stopped the largest-ever web distributed denial-of-service (DDoS) cyberattack against a client, which peaked at 46 million requests per second, according to New Delhi, Aug. 20 (IANS) (RPS).
The business claims that this is the largest “Layer 7 DDoS” attack to date, at least 76% greater than the previous record.
Satya Konduru, Technical Lead, Google Cloud, stated in a statement late on Friday: “To provide an idea of the scope of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.
The frequency and size of DDoS cyberattacks are both rising dramatically.
According to Emil Kiner, senior product manager for Cloud Armor, “Our customer’s network security team put the Google Cloud Armor-recommended rule into their security policy, and it instantly started blocking the attack traffic.”
The onslaught grew from 100,000 RPS to a peak of 46 million RPS in the two minutes that followed.
The target workload carried on as usual because Cloud Armor was already blocking the attack flow.
“The attack began to shrink over the following few minutes, eventually coming to an end 69 minutes later. Since the attacker had to spend a lot of money to carry out the attack, it is likely that they realized they were not having the desired effect “the corporation said.
The attack belongs of the Meris family of attacks because to its geographic dissemination and use of several unprotected services.
The Meris technique, well-known for its huge attacks that have shattered DDoS records, makes use of unsafe proxies to conceal the attacks’ real source, according to Google.
At the edge of Google’s network, the assault was stopped, and the malicious requests were blocked upstream of the customer’s application.
Attack volumes will keep expanding, and strategies will keep changing.
Google advised utilizing a defense-in-depth strategy to be ready, establishing protections and controls at various tiers of your environment and the network of your infrastructure providers “to defend your web apps and services from targeted web attacks.”