Internet giants Google, Amazon, and Cloudflare have successfully defended against the largest-known denial of service attack on the internet. However, they are now raising concerns about a new technique that could potentially cause significant disruption. Google, owned by Alphabet Inc, revealed in a blog post that its cloud services had fended off an onslaught of rogue traffic, which was more than seven times the size of the previous record-breaking attack halted last year. Internet security firm Cloudflare also stated that the attack was “three times larger than any previous attack we’ve observed.” Amazon’s web services division also confirmed being targeted by this “new type of distributed denial of service (DDoS) event.”
These three companies disclosed that the attack began in late August and Google reported that it was an ongoing assault. Denial of service is a basic form of cyber attack that floods targeted servers with bogus requests for data, preventing legitimate web traffic from getting through. Over time, the power of denial of service attacks has increased, with some capable of generating millions of bogus requests per second. In this recent attack, Google, Cloudflare, and Amazon encountered attacks capable of generating hundreds of millions of requests per second.
Google stated in their blog post that just two minutes of one attack “generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.” Cloudflare described the attack as unprecedented in magnitude. All three companies revealed that the supersized attacks exploited a weakness in HTTP/2, a newer version of the HTTP network protocol that underpins the World Wide Web, leaving servers particularly susceptible to rogue requests.
Therefore, they are urging companies to update their web servers to prevent such vulnerability. The responsible party behind these denial of service attacks was not disclosed, as it is historically difficult to identify. These attacks, if targeted cleverly and not successfully countered, can lead to widespread disruption, as demonstrated by the 2016 attack on domain name service Dyn, attributed to the “Mirai” network of hijacked devices, which disrupted numerous high-profile websites. The US government’s cybersecurity watchdog, CISA, has not yet commented on the matter.
Reporting by Raphael Satter, Editing by Sandra Maler
Credit: The Star : Tech Feed