Internet companies Google, Amazon and Cloudflare say they have survived the Internet’s largest known distributed denial-of-service (DDoS) attack and are sounding the alarm about a new technique that could easily cause widespread disruption.
DDoS attacks (short for distributed denial-of-service attacks) are one of the most basic forms of attack on the Internet. They simply involve websites and servers being flooded with fake traffic, causing them to malfunction or go offline completely.
To compare it to something familiar to all of us, it’s as if a teacher in a classroom suddenly had to answer questions not only from all the students in the class, but from the entire school, or even from a dozen schools, all at the same time.
The largest scale of DDoS attack
Google said in a post published Tuesday on its corporate blog that its cloud services had experienced an avalanche of spoofed traffic as part of an attack launched against them. The attack was more than 7 times larger than the previous record attack, seen last year.
Cloudflare Inc, a network security company, told Reuters the attack was “three times larger than any attack we’ve ever seen.” Amazon.com Inc’s online services division also confirmed it was hit by a “new type of distributed denial of service (DDoS) event.”
According to Reuters, as the online world has developed, the power of DDoS attack operations has also increased, some of which can generate millions of false requests per second. Recent attacks measured by Google, Cloudflare, and Amazon were able to generate hundreds of millions of requests per second.
Google said in its blog post that just two minutes of one such attack “generated more requests than the total number of article views reported by Wikipedia for the entire month of September 2023.” Cloudflare said the attack was on a scale “never seen before.”
Weakness in HTTP/2, the newer version of HTTP
All three companies said the large-scale attacks were caused by a weakness in HTTP/2, a newer version of the HTTP networking protocol that underpins the World Wide Web. The weakness makes servers particularly susceptible to fraudulent requests.
The companies have called for internet servers to be updated so that organizations do not remain vulnerable to such attacks. None of the three companies said who was responsible for the attacks.
If well targeted and not countered effectively, such attacks can lead to widespread disruption. In 2016, an attack attributed to the “Mirai” network of infected devices hit the Dyn domain name service, disrupting many high-profile websites.