Google blocks a record DDoS attack of 46 million requests per second

Distributed denial-of-service (DDoS) attacks are increasing in frequency and growing in size exponentially. Google Cloud Armor customer was recently hit with the largest Layer 7 DDoS attack to date.

A series of HTTPS DDoS attacks peaked at 46 million requests per second, and the attack was 76% larger than the previously reported record.

“To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds,” Google said.

Layer 7 is the highest layer, supporting end-user processes and applications. A layer 7 DDoS attack sends traffic to consume resources, hampering a website’s ability to deliver content.

“In addition to its unexpectedly high volume of traffic, the attack had other noteworthy characteristics. There were 5,256 source IPs from 132 countries contributing to the attack. The top 4 countries [Brazil, India, Russia, and Indonesia] contributed approximately 31% of the total attack traffic,” Google said.

The company added that the geographic distribution and types of unsecured services leveraged to generate the attack match the Mēris family of attacks.

In July, Cloudflare said that Mantis botnet (the next evolution of Meris botnet) was responsible for the 26 million requests per second HTTPS DDoS attack.

Google said it had successfully thwarted the attack.

DDoS attacks climb

Patriotic activism increased dramatically in the first half of 2022, as both established and newly formed pro-Ukrainian and pro-Russian groups aimed to wreak havoc by stealing and leaking information and carrying out denial-of-service attacks.

Attacks, ranging from cases of hacktivism to terabit attacks in Asia and the United States, increased significantly during the first half of 2022.

The number of malicious DDoS attacks climbed 203% compared to the first six months of 2021, cybersecurity company Radware said in its mid-year report.

There were 60% more malicious DDoS incidents during the first six months of 2022 than during the entire year of 2021, the company noted.

DDoS, along with data leaks and website defacements, are commonly used by cyber legions and aimed at disruption and chaos. Both pro-Ukrainian and pro-Russian patriotic activists engage in DDoS operations daily, usually to threaten their enemies and spread (mis)information.

“No organization in the world is safe from cyber retaliation at this time,” said Pascal Geenens, director of threat intelligence for Radware. “Online vigilantes and hacktivists could disrupt wider security efforts driven by nations and authorities. New legions of actors could introduce extreme unpredictability for intelligence services, creating a potential for spillover and wrongful attribution that could eventually lead to an escalation of the cyber conflict.”