Google Blocks the Largest DDoS Attack Ever Detected According To Reports

Google blocks the largest DDoS attack ever detected according to reports. The reported DDoS attack that has been blocked is reported to be over seven times bigger than the previous DDoS record-holder.

Google Blocks Largest DDoS Attack

Google Blocks Largest DDoS Attack

Google says it has reportedly stopped the “largest Distributed Denial of Service” (DDoS) attack ever, and the company together with industry peers, reportedly discovered the vulnerability in question that made the attack possible in the first place.

Google in a blog post outlining its work, stated that the blocked attack was 7.5 times bigger than the largest-ever DDoS incident in record. This latest record-setter as you should know peaked at 398 million requests per second (rps), which in question is up from 46 million rps which was the record prior to this one, established in the previous year.

Google’s Response to the News

“The most recent wave of attacks started in late August and continues to this day, targeting major infrastructure providers including Google services, Google Cloud infrastructure, and our customers,” Google states.

the yet-to-be-named threat actors in order to make such a mighty attack possible reportedly deployed a novel HTTP/2 technique called “Rapid Reset” that is based on stream multiplexing, Google explained. Stream multiplexing as you should know is a feature of the “widely-adopted” HTTP/2 protocol, the company revealed, and also adding that the technical details can be found here.

What Google Did After Detecting the Attack

Google just soon after detecting the attack, reportedly introduced additional mitigation strategies and then reached out to its industry peers (cloud providers, and similar) who also make use of the HTTP/2 protocol stack. “We shared intelligence about the attack and mitigation methodologies in real-time as the attacks were underway,” Google stated.

Together, they immediately identified a vulnerability in the protocol stack that is tracked as CVE-2023-44487. This is a high-severity flaw with a CVSS score of 7.5/10.

What Businesses Are Advised To Do

Businesses all over should investigate if it is that their servers running HTTP/2 are not vulnerable, Google has stated, or in the event that they are should apply the patch. “If you are managing or operating your own HTTP/2-capable server (open source or commercial) you should immediately apply a patch from the relevant vendor when available,” the company reportedly concluded.

DDoS attacks as you should know are a very common tactic among cybercriminals, in which they get to disrupt internet-facing websites as well as services.



Please enter your comment!
Please enter your name here