In a remarkable demonstration of resilience and technological prowess, Alphabet Inc-owned Google, e-commerce giant Amazon.com, and internet protection company Cloudflare have collectively thwarted what is being recognized as the largest-known denial of service attack on the internet to date. The internet titans are now cautioning the online community about an emerging technique that poses a serious threat to internet stability and security.
Google announced in a blog post on Tuesday that its cloud services successfully defended against an onslaught of rogue traffic, exceeding the magnitude of the previous record-breaking attack by more than sevenfold. The attack, which commenced in late August, continues to persist, underscoring the scale and persistence of the threat.
Cloudflare, a key player in internet security, revealed that the assault surpassed previous records by being three times larger than any previous attack they had witnessed. Additionally, Amazon Web Services (AWS), a vital infrastructure provider, confirmed being targeted by this new variant of a distributed denial of service (DDoS) event.
Denial of service attacks represent one of the most rudimentary forms of cyberattacks, overwhelming targeted servers with an excessive volume of counterfeit requests for data. This flood of illegitimate traffic obstructs legitimate web traffic from reaching its intended destination.
As the online world has evolved, denial of service attacks have become increasingly potent, capable of generating millions of bogus requests per second. The recent attacks assessed by Google, Cloudflare, and Amazon were disturbingly powerful, capable of generating hundreds of millions of requests per second.
In their assessment, Google, Cloudflare, and Amazon identified a vulnerability in HTTP/2, a modern version of the HTTP network protocol fundamental to the World Wide Web, making servers exceptionally susceptible to rogue requests. They urgently called upon companies to update their web servers to mitigate this vulnerability and fortify their defenses against potential attacks.
The severity of these attacks is further underscored by the sheer volume of requests generated within minutes. Google reported that a mere two minutes of one such assault surpassed the total number of article views on Wikipedia for the entire month of September 2023. Cloudflare emphasized that the magnitude of this attack has never been witnessed before.
While the responsibility for these colossal denial of service attacks remains undisclosed, history indicates that attributing such actions can be challenging. In 2016, an attack attributed to the “Mirai” network of hijacked devices severely impacted the domain name service provider Dyn, disrupting a host of high-profile websites.
As the global digital landscape grapples with evolving threats, the U.S. government’s cybersecurity watchdog, CISA, is closely monitoring the situation, but has not yet issued a statement regarding the recent events. The need for robust cybersecurity measures and immediate action to address vulnerabilities in internet infrastructure has never been more critical to safeguard the stability and security of the internet.