Google disclosed this week that it faced the largest DDoS attack in history. According to the company, the attack reached 398 million requests per second (or rps) at its peak. This figure is 7.5 times higher than the previous record, when 49 million rps was recorded.
A DDoS attack seeks to destabilize a service or put it out of service. Cybercriminals can use hacked devices (from a PC to a surveillance camera with an internet connection), forming a botnet/botnet, to send millions of hits to a particular website. In this way, PRs overload a website’s infrastructure, since there is always a limit to the number of accesses that a server can handle.
The division of Google responsible for mitigating the DDoS attack was Cloud. However, in its statement, Big Tech reports that the latest wave of attacks on its services began in August. In addition to Google Cloud itself, other services of the company and its customers were attacked.
In this latest case, which lasted an incredible 2 minutes and had 398 million rps (more than Wikipedia had in September), Google revealed that cybercriminals used a new vulnerability in the HTTP/2 protocol.
Big Tech said it had shared real-time information from the attack series with other companies that use the same protocol — and had also received details from the companies.
According to Google, the mitigation measures allowed its services and those of its customers to continue as normal (most of the time, the company says) which thwarted the plans of the responsible group — which was not disclosed. The idea of this crime is precisely to prevent a service from being accessed.
In 2020, a Google study showed that DDoS attacks are getting bigger every year. If 398 million rps is already impressive, what will we see in the next record?