For HomeFor BusinessFor Partners
Industry News
1 min read

Google Mitigates Largest DDoS Attack in Its History

Silviu STAHIE

October 13, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Google Mitigates Largest DDoS Attack in Its History

Google managed to mitigate the most significant DDoS attack sever registered in its infrastructure, which was only possible due to a vulnerability in the  HTTP/2 protocol.

Large DDoS attacks happen all the time, but we rarely hear about them because internet service providers and other types of organizations thwart the attacks. This means that attackers are constantly looking for ways to increase their output, hoping they’ll somehow manage to overwhelm existing protections.

Google highlights a worrying trend regarding the size of DDoS attacks yearly. It’s not just that they’re increasing in size, which is to be expected, but they’re growing much more than anyone would assume.

The largest DDoS attacks mitigated by Google in 2022 reached around 46 million requests per second (rps). This new one was 7.5 times higher, clocking in at 398 rps. The main difference is that attackers used a new HTTP/2 “Rapid Reset” technique, which takes advantage of a vulnerability in the HTTP/2 protocol.

“The most recent wave of attacks started in late August and continues to this day, targeting major infrastructure providers including Google services, Google Cloud infrastructure, and our customers,” saidGoogle. “Although these attacks are among the largest attacks Google has seen, our global load-balancing and DDoS mitigation infrastructure helped keep our services running.”

“For a sense of scale, this two minute attack generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.”

The HTTP/2 vulnerability is already being tracked as CVE-2023-44487, with a CVSS score of 7.5 out of 10. Attackers use a functionality named stream multiplexing but in a different way. They open up multiple streams at the same time and cancel them immediately.

“The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately,” Google also explained.

tags

Industry News

Author

Silviu STAHIE

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

Right now Top posts

Netizens Fear Scammers Will Steal Their Savings but Do Little to Defend Themselves, Bitdefender Survey Shows
Industry News Scam

Netizens Fear Scammers Will Steal Their Savings but Do Little to Defend Themselves, Bitdefender Survey Shows

July 01, 2024

7 min read
Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report
Smart Home

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

June 26, 2024

2 min read
UEFA EURO 2024 Scams Are Already Here – How to Stay Safe
Scam Tips and Tricks

UEFA EURO 2024 Scams Are Already Here – How to Stay Safe

June 25, 2024

5 min read
Most People Still Write Important Passwords Down, Bitdefender Report Finds
Digital Privacy Threats

Most People Still Write Important Passwords Down, Bitdefender Report Finds

June 07, 2024

2 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Cybersecurity Grand Prix: Pole Position Passwords
Cybersecurity Grand Prix

Cybersecurity Grand Prix: Pole Position Passwords
Bitdefender

June 21, 2024

3 min read
The Safety Formula - Episode 10: Human Intuition Meets Advanced Technology
The Safety Formula

The Safety Formula - Episode 10: Human Intuition Meets Advanced Technology
Bitdefender

April 17, 2024

2 min read
Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers
Industry News

Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers
Graham CLULEY

March 06, 2024

2 min read

Bookmarks

loader