Google has announced that it blocked the largest distributed denial-of-service (DDoS) attack on record. The attack peaked at 46 million requests per second (rps), which is 76 percent larger than the previous DDoS attack that targeted Cloudflare in June.
The company explained in its blog post that the HTTPS DDoS attack began targeting one of its Google Cloud customers at around 09:45 AM PT on June 1. The attackers initially directed 10,000 rps toward the victim’s HTTP/S Load Balancer, and the number increased to 100,000 rps within eight minutes. The attack peaked at 46 million rps when it reached the ten-minute mark.
According to Google’s security researchers, the Cloud Armor Adaptive Protection service detected the signs of a threat, notified the customer, and suggested a rule to block the malicious signature configured in their security policy. The DDoS attack finally started to slow down and ended at 10:54 AM PT.
“The attack leveraged encrypted requests (HTTPS) which would have taken added computing resources to generate. Although terminating the encryption was necessary to inspect the traffic and effectively mitigate the attack, the use of HTTP Pipelining required Google to complete relatively few TLS handshakes,” Google explained.
Google detailed that the record-breaking DDoS attack came from a relatively small botnet, with traffic arriving from 5,256 source IP addresses spread over 132 countries. The attack on the Google Cloud customer was carried out with HTTPS requests. Compared with their plain-HTTP counterparts, such attacks are more expensive to generate because establishing secure TLS connections requires more computing power.
Additionally, Google believes that there is a link between this incident and the Mēris family of botnets. Mēris is an IoT botnet that was behind two previous DDoS attacks.
The latest HTTPS-based DDoS attack comes after Radware published its threat analysis report earlier this week. The security firm mitigated 60 percent more DDoS attacks during the past few months compared with last year. Moreover, the average volume blocked per customer per month grew by 47 percent.
Google recommends that customers develop proactive strategies and use Google Cloud Armor to protect their cloud-based applications. “With Google Cloud Armor, you are able to protect your internet facing applications at the edge of Google’s network and absorb unwelcome traffic far upstream from your applications,” Google noted.