Google Mitigates DDoS Attack With 24 million RPS, The Largest To Date

Posted on August 30, 2022 at 6:43 AM

Google said it recently blocked the largest distributed denial-of-service (DDoS) attack reported to date. According to the tech giant, the attack over the HTTPS protocol reached 46 million requests per second (RPS).

The report revealed that within two minutes, the attack surged from merely 100,000 RPS to a record-breaking 46 million RPS. This represents nearly 80% of the 26 million RPS that Cloudflare mitigated in June, which was the previous record.

The Attack Started Initially At 10,000 RPS

The attack began at about 09:45 Pacific Time on the morning of June 1. It initially targeted the HTTP/S Load Balancer of the victims with only 10,000 RPS. Within eight minutes, the attack surged to 100,000 RPS. After gaining insights from the attack through an alert from Google’s Cloud Armor Protection, the tech giant came to the rescue. Two minutes later, the attack intensified to 46 million requests per second.

To explain how massive the attack was, Google likened it to getting all the daily requests to Wikipedia in just 10 seconds.

However, the attack didn’t have an impact on the target because the customer had already deployed the recommended rule from Cloud Armor, which allowed operations to run normally. The entire attack happened in 69 minutes from the time it started.

A report from Google’s Technical Lead Satya Konduru and Senior Product Manager Emil Kiner revealed that the attackers increased their RPS when the initial volume wasn’t having the desired impact. The report also noted that the attackers deployed significant resources to launch the attack.

The Attack Has Been Linked To A Mēris Botnet

Although the malware behind the attack hasn’t been discovered yet, the operational method of the attackers suggests that the attack was caused by the Meris botnet. Meris has been responsible for some of the largest DDoS attacks to date. It was responsible for DDoS attacks peaking at 21.8 million RPS and 17.2 million RPS, both record-breaking at the time.

Meris is notorious for using unsecured proxies to deliver bad traffic to cover the origin of the attack. It has successfully carried out similar attacks in the past, but it failed this time due to the proactive measures taken by the target.

Google’s security team also revealed that the attack traffic originated from 5,256 IP addresses spread across over 130 countries. They utilized encrypted requests (HTTPS), which indicates that the devices that send the requests have strong computing resources.

The researchers noted that the encryption was terminated because it was required to monitor the traffic and effectively mitigate the attack. Also, the threat actors used HTTP pipelining, which required Google to complete some TLS handshakes.

Another feature of the attack is the threat actor’s utilization of Tor exit nodes to deliver the traffic. While about 1,169 of the sources sent the requests via the Tor network, they accounted for about 3% of the attack traffic.

Even with these features, the Google research team believes that the Tor exit nodes can serve another purpose, which includes delivering a huge amount of bad traffic to the web services and applications.

At the beginning of last year, a few botnets leveraged a small number of strong devices to target several networks. This led to an era of record-breaking volumetric DDoS attacks.

Meris Botnet Notorious For Record-Breaking Attacks

In September last year, Russian internet giant Yandex was at the receiving end of one of the largest DDoS attacks in history. Unsurprisingly, the culprit was the Meris botnet. The attack peaked at 21.8 million RPS. At the time, it was a record volume for DDoS attacks. Before the incident, the same Meris botnet delivered 17.2 million RPS against a Cloudflare customer.

The attack targeted Cloudflare’s customers using the Free plan. According to the incident report at the time, the hacker responsible likely used virtual machines and hijacked servers. The attack did not come from Internet of Things (IoT) devices but rather from Cloud Service Providers.

Although the botnet used by the attacker was small, the volume of the attack shows that it is a powerful botnet of 5,067 devices, with each capable of producing about 5,200 RPS at a peak period.

A month later, Microsoft’s Azure DDoS protection system defended against another attack which reached 3.47 terabits per second and hit a packet rate of 340 million packets per second (PPS) for a customer based in Asia.

Publisher: Koddos