According to Google Cloud Armor product manager Emil Kiner and Satya KonduruTechnical Lead, this was the largest Layer 7 DDoS report with 46 million requests per second. To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds. - they added.
The search giant said its anti-DDoS Cloud Armor system detects and analyzes the traffic early in the attack lifecycle and generates an alert. The alert also notifies customers of recommended protective measures which were then deployed before the attack ramped up to its full magnitude. Cloud Armor started blocking the source of the malicious web traffic, ensuring the customer's service stayed online and continued serving their end-users.
A Distributed Denial of Service (DDoS) attack is a non-intrusive internet attack made to take down the targeted website or slow it down by flooding the network, server, or application with malicious traffic. It is designed to knock an internet site or service offline by flooding the fake web traffic.
Largest HTTPS DDoS attack ever
As this was the largest ever HTTPS-based DDoS attack still it failed to take down its target (Google cloud service).
At the time the attack started, within two minutes there was a massive surge in attack from 100,000 RPS to a peak of 46 million RPS. Since Cloud Armor was already blocking the attack traffic, the target workload continued to operate normally. Over the next few minutes, the attack started to decrease in size, ultimately ending 69 minutes later at 10:54 a.m.
Despite the massive escalation, the attackers were unable to disrupt the customer’s services, Google said.
In addition to its unexpectedly high volume of traffic, the attack had other noteworthy characteristics. Google reported there were 5,256 source IPs from 132 countries contributing to the attack.
The search giant suspects the DDoS came from the Meris botnet, which was made up of hundreds of thousands of internet routers and modems.
Earlier, the Meris botnet was also been linked to the major DDoS incident over the Russian search engine, Yandex with 22 million RPS.
Six Largest DDoS Attacks in History
|Sl.||Organization||Attack Magnitude & Year|
|1||46 Million per second (June 2022)|
|2||Cloudflare||46 Million per second (June 2022)|
|3||Microsoft||3.47 Tera byte per second (January 2022)|
|4||Amazon Web Service (AWS)||2.3 Tera byte per second (February 2020)|
|5||GitHub||1.35 Tera byte per second (February 2020)|
|6||Dyn||1.2 Tera byte per second [approx] (October 2016)|
Above is the top six organization that has suffered the largest DDoS attack on their service or products.
If you have anything to add to the story, drop your thoughts in the comments below.