Google blocks ‘largest ever’ web DDoS attack

Google has reported that it has blocked the ‘largest’ distributed denial of service (DDoS) attack on record, which had a peak of 46 million requests per second (rps).

The attack took place at 9:45am PT on 1 June and targeted a Google Cloud Armour user with HTTPS for a duration of 69 minutes. The attack had 5,256 source IPs from 132 countries contributing to it. Google reported that the attack was the biggest Layer 7 DDoS attack reported to date, at 76 percent larger than the previous record.

In a blog post about the attack, Emil Kiner, senior product manager for Cloud Armor and Satya Konduru, technical lead, both at Google noted that the attack was akin to “receiving all the daily requests to Wikipedia...in just 10 seconds”. 

The DDoS traffic was detected early in the lifecycle by Google Cloud Armour, which alerted the customer to the attack and gave recommendations for a protective rule. This was then deployed before the attack could reach its peak. By doing this, Cloud Armour was able to block the attack and ensure that the user could regain service and continue providing for its end users.

Google noted that the types of services and geographic distribution used in the attack are concurrent with those used in the Mēris method of attacks, which “abuses unsecured proxies to obfuscate the true origin of the attacks” and are “known for massive attacks [that] break DDoS records”.  

To aid in the prevention of DDoS attacks, Google has the following advice: “Deploy defenses and controls at multiple layers of your environment and your infrastructure providers’ network to protect your web applications and services from targeted web attacks”, including “performing threat modeling to...develop proactive and reactive strategies to protect them”.