According to Google Cloud, it successfully stopped the greatest distributed denial-of-service (DDoS) assault ever, which reached a peak of 46 million requests per second (rps). One Google Cloud client who was utilizing the DDoS protection service Google Cloud Armor was the target of the assault on June 1.
The attackers blasted consumers’ HTTP/S Load Balancer with HTTPS requests for 69 minutes, starting with 10,000 rps and quickly scaling up to 100,000 rps until peaking at a stunning 46 million rps. The assault was notable not just for its surprisingly enormous level of traffic, but also for other factors. 5,256 source IPs from 132 different countries participated in the assault.
According to Google, it is the largest ever attack at Layer 7, which refers to the applications top layer in the Internet’s OSI model.
The assault on Google’s client was nearly twice as large as a June HTTPS DDoS attack on a Cloudflare customer, which peaked at 26 million rps. That assault similarly relied on a tiny botnet of 5,067 devices scattered across 127 nations.
According to Google, the geographic distribution and types of unprotected services utilized to generate the assault are consistent with the Mēris family of botnets. Mēris is an IoT botnet that first appeared in 2021, consisting primarily of hacked MikroTik routers.
Google discovered that this Mēris-related botnet utilized insecure proxies to conceal the real source of the assaults. It was also discovered that while 22 % of the source IPs, or 1,169, matched to Tor exit nodes, the request volume emanating from those nodes accounted for only 3 percent of the assault traffic.
