Internet giants Google, Amazon, and Cloudflare have reported defending against the largest recorded denial of service attack to date, warning of a new method with the potential to cause significant online disruption.
Google, an Alphabet Inc. subsidiary, revealed in a recent blog post that its cloud services successfully thwarted an onslaught of malicious traffic that was over seven times larger than the previous record set last year.
Similarly, Cloudflare stated that the assault was “three times bigger than any attack we’ve seen before.”
Meanwhile, Amazon’s web services division acknowledged facing “a novel type of distributed denial of service (DDoS) attack.”
The companies disclosed that the cyber-offensive began in late August, with Google indicating its continuation.
Denial of service attacks, one of the fundamental cyber threats, operate by bombarding target servers with enormous amounts of false data requests.
This makes it nearly impossible for genuine web traffic to get through.
These threats have evolved alongside the digital landscape, with some now generating millions of deceptive requests every second.
The attacks reported by Google, Cloudflare, and Amazon could produce hundreds of millions of requests within seconds.
To provide some perspective, Google mentioned that just two minutes of the attack generated more requests than the total article views Wikipedia recorded for the entire September 2023.
Cloudflare emphasized the unprecedented nature of the onslaught.
The trio pinpointed the massive attacks’ origin to a vulnerability in HTTP/2, the latest version of the core HTTP network protocol of the internet.
This flaw makes servers especially susceptible to malicious requests. The corporations have strongly advised businesses to update their web infrastructure to prevent susceptibility.
The companies did not identify the culprits behind these DDoS attacks, traditionally challenging to trace.
If these attacks are skilfully executed and not properly countered, they can result in major online disturbances.
In a 2016 incident, the “Mirai” network’s attack impacted domain service Dyn, causing disruptions to numerous notable websites.
As of now, the U.S. government’s cybersecurity agency, CISA, has not provided a comment on the situation.