Google has just put a stop to the largest DDoS attack in the history of the net, with more than 46 million HTTPS requests launched per second! In June 2022, the company Cloudflare had stopped a DDoS attack of 26 million requests.
Remember, in June 2022, we learned that the IT security company Cloudflare had just stopped the biggest DDoS attack of all time. To send those 26 million HTTPS requests per secondthe hackers used a ridiculous number of devices: only 5,067.
However, it did not take long for this record to fall. Indeed, this Thursday, August 18, 2022, Google put a stop to the DDoS attack or collective attacks by saturation of services largest in the history of the web.
Google puts an end to the largest DDoS attack in history
On June 1, a Google Cloud Armor customer was the target of a series of HTTPS DDoS attacks, with a number of HTTPS requests per second exceeding 46 million! “This is the largest type 7 DDoS attack reported to date (…) To give an idea of the scale of the attack, it is equivalent to receiving all daily requests from Wikipedia (one of the 10 sites world’s busiest websites) in just 10 seconds”, explains Google in an article on its official blog.
In addition to this incredibly high traffic volume, the attack exhibited other characteristics. The Mountain View firm reveals in particular that 5,256 source IP addresses from 132 different countries contributed to the operation. As can be seen from the screenshots provided by the American company, 31% of the total attack traffic comes from from Brazil, India, Russia and Indonesia.
Also read: DDoS attacks – their number broke all records in 2021
A DDoS attack foiled in less than an hour and a half
Google says the attack ended after only 69 minutes of activity. As soon as the first signs were detected, the targeted customer’s Cloud Armor adaptive protection system generated an alert and began blocking attack traffic. “The attacker likely determined it was not having the desired impact while incurring significant expense to execute the attack.” guess Google.
It is true that HTTPS DDoS attacks require more computing power than formal exchanges. Hackers must therefore be equipped with powerful machines, such as servers, to launch this type of attack.
While the malware used to carry out this offensive has not yet been determined, Google assures that the geographical distribution and types of insecure services exploited to generate the corresponding attack to the Meris botnet.
This powerful botnet was responsible for several large DDoS attacks in 2021 (with peak requests of 17 and 20 million). “The Meris method abuses insecure proxies to conceal the true origin of attacks,” explains Google.