Google and Amazon Thwart Record-Breaking DDoS Attack
Google, Amazon and Cloudflare – some of the largest companies operating on the internet – have reportedly “mitigated the largest DDoS attack to date”, which peaked at more than 398 million requests per second. The attack, which is said to have been facilitated by a new vulnerability (CVE-2023-44487) in the HTTP/2 protocol, was seven and a half times larger than last year’s attack, according to Google.
For more context and a sense of scale, Google said the two-minute attack “generated more requests than the total number of article views reported by Wikipedia for the entire period of September 2023.”
Amazon also confirmed the attack in a blog post, saying it detected the attack between August 28 and August 29, 2023. “AWS Proactive Monitoring detected an unusual spike in HTTP/2 requests sent to Amazon CloudFront, exceeding 155 million requests per second (RPS), Amazon said.
Another major internet company, Cloudflare, also reported the same and mentioned that this attack was three times larger than any previous attack the company had faced.
What are DDoS attacks?
Distributed Denial of Service, or DDoS for short, is a type of attack by a bad actor that tries to take a service offline by bombarding it with an insane number of requests per second, rendering websites and services unusable.
Google says that DDoS attacks can have far-reaching effects, including loss of business and the availability of critical applications.
What can businesses do to stay safe?
In this case, Google, Amazon, and Cloudflare all had their own protections. Google mentions that it has invested heavily in “edge capacity”, keeping its services intact. Amazon also had protections in the form of Amazon CloudFront and AWS Shield. Therefore, companies that do not have their own infrastructure to protect themselves can take advantage of services provided by companies like Google and AWS to mitigate potential security threats.