WASHINGTON (Reuters) – Google, Amazon, and Cloudflare, major players in the tech industry, report having successfully defended against the most massive denial of service attack ever recorded on the internet. They also raise concerns about a novel technique that could potentially lead to widespread disruptions.
Google, owned by Alphabet Inc, revealed in a recent blog post that its cloud services effectively repelled a colossal surge of rogue data traffic, surpassing the scale of the previous record-breaking attack from the previous year by over seven times.
Cloudflare Inc., an internet security firm, noted that this attack exceeded any previous incidents, being three times larger than their previous observations. Amazon.com Inc.’s web services division also acknowledged falling victim to a “new form of distributed denial of service (DDoS) incident.”
Denial of service is one of the most fundamental forms of cyberattacks, functioning by inundating targeted servers with an overwhelming influx of counterfeit data requests, effectively obstructing the passage of legitimate web traffic.
As the online landscape has evolved, so too have the capabilities of denial of service operations, some of which can produce millions of counterfeit requests every second. The recent onslaughts, documented by Google, Cloudflare, and Amazon, commenced in late August and, according to the tech giants, are still ongoing, capable of generating hundreds of millions of requests per second.
In its blog post, Google revealed that a mere two-minute segment of one such assault “resulted in more requests than the total article views reported by Wikipedia for the entire month of September 2023.”
All three companies emphasized that these massive attacks exploited a vulnerability within HTTP/2, a more recent iteration of the HTTP network protocol that underlies the World Wide Web. This vulnerability makes servers particularly susceptible to deceitful requests.
The companies have strongly recommended that other organizations update their web servers to mitigate this vulnerability.
None of these tech giants disclosed the identity of the perpetrators behind these denial of service attacks, which have historically proven challenging to attribute.