 "Google blocks world's largest-ever web distributed DDoS cyber attack")
Google has blocked the largest-ever web distributed denial-of-service (DDoS) cyber attack on a customer that peaked at 46 million requests per second (RPS).
This is the largest 'Layer 7 DDoS' reported to date -- at least 76 per cent larger than the previously reported record, according to the company.
"To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds," Satya Konduru, Technical Lead, Google Cloud, said in a statement late on Friday.
DDoS cyber-attacks are increasing in frequency and growing in size exponentially.
"Our customer's network security team deployed the Google Cloud Armor-recommended rule into their security policy, and it immediately started blocking the attack traffic," said Emil Kiner, senior product manager, Cloud Armor.
In the two minutes that followed, the attack began to ramp up, growing from 100,000 RPS to a peak of 46 million RPS.
Since Cloud Armor was already blocking the attack traffic, the target workload continued to operate normally.
"Over the next few minutes, the attack started to decrease in size, ultimately ending 69 minutes later. Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack," said the company.
The geographic distribution and types of unsecured services leveraged to generate the attack matches the Meris family of attacks.
Known for its massive attacks that have broken DDoS records, the Meris method abuses unsecured proxies to obfuscate the true origin of the attacks, said Google.
The attack was stopped at the edge of Google's network, with the malicious requests blocked upstream from the customer's application.
Attack sizes will continue to grow and tactics will continue to evolve.
To be prepared, Google recommended using a defense-in-depth strategy by deploying defenses and controls at multiple layers of your environment and your infrastructure providers' network "to protect your web applications and services from targeted web attacks".
--IANS
na/ksk/
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
You’ve hit your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Quarterly Starter
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Access to Exclusive Premium Stories Online
Over 30 behind the paywall stories daily, handpicked by our editors for subscribers
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app