Google says it blocked the largest DDoS attack ever detected

News
By Sead Fadilpašić
published

It's more than seven times larger than the previous DDoS record-holder

DDoS attack
(Image credit: FrameStockFootages / Shutterstock)

Google says has stopped the “largest Distributed Denial of Service” (DDoS) attack ever, and together with industry peers, discovered the vulnerability that made the attack possible in the first place.

In a blog post outlining its work, Google says the blocked attack was 7.5 times larger than the largest-ever recorded DDoS incident. This latest record-setter peaked at 398 million requests per second (rps), up from 46 million rps which was the previous record, established last year. 

“The most recent wave of attacks started in late August and continues to this day, targeting major infrastructure providers including Google services, Google Cloud infrastructure, and our customers,” Google noted.

Rapid reset

To make such a mighty attack possible, the unnamed threat actors deployed a novel HTTP/2 technique dubbed "Rapid Reset" based on stream multiplexing, Google explained. Stream multiplexing is a feature of the “widely-adopted” HTTP/2 protocol, the company said, adding that the technical details can be found on this link.

Soon after detecting the attack, Google introduced additional mitigation strategies and reached out to its industry peers (cloud providers, and similar) who also use the HTTP/2 protocol stack. “We shared intelligence about the attack and mitigation methodologies in real-time as the attacks were underway,” Google said.

Together, they identified a vulnerability in the protocol stack tracked as CVE-2023-44487, a high-severity flaw with a CVSS score of 7.5/10.

Businesses should investigate if their servers running HTTP/2 are not vulnerable, Google says, or in case they are - apply the patch. “If you are managing or operating your own HTTP/2-capable server (open source or commercial) you should immediately apply a patch from the relevant vendor when available,” the company concluded.

DDoS attacks are a common tactic among cybercriminals, in which they disrupt internet-facing websites and services.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.