Google’s cloud division on Thursday disclosed it mitigated a
series of HTTPS distributed denial-of-service (DDoS) attacks which
peaked at 46 million requests per second (RPS), making it the
largest such recorded to date.
The attack, which occurred on June 1, targeting an unnamed
Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack[1] repealed by Cloudflare
earlier this June.
“To give a sense of the scale of the attack, that is like
receiving all the daily requests to Wikipedia (one of the top 10
trafficked websites in the world) in just 10 seconds,” Google
Cloud’s Emil Kiner and Satya Konduru said[2].
It’s said to have started around 9:45 a.m. PT with 10,000 RPS,
before growing to 100,000 RPS eight minutes later and further
ramping up within two minutes to hit a high of 46 million RPS at
10:18 a.m. PT. In all, the DDoS assault lasted for a total of 69
minutes.
Google said that the unexpectedly high volume of traffic
originated from 5,256 IP addresses located in 132 countries, with
Brazil, India, Russia, and Indonesia alone accounting for 31% of
all the attack requests.
22% of the IP addresses (1,169) corresponded to TOR exit nodes,
but were responsible for just 3% of the attack traffic.
“The attack leveraged encrypted requests (HTTPS) which would
have taken added computing resources to generate,” the company
noted. “The geographic distribution and types of unsecured services
leveraged to generate the attack matches the Mēris[3]
family of attacks.”
In September 2021, the Mēris botnet was linked[4]
to a DDoS attack on Russian internet giant Yandex that peaked at
21.8 million RPS. Parts of the botnet’s infrastructure were
sinkholed[5]
in late September 2021.
References
Read more https://thehackernews.com/2022/08/google-cloud-blocks-record-ddos-attack.html