Tech giants Google, Amazon, and Cloudflare were attacked by the largest ever denial of service operation

12 Oct 2023

Major tech companies such as Google, Amazon, and Cloudflare have encountered the internet’s biggest ever denial-of-service attack. They have also issued a warning regarding a new technique that could cause widespread disruption.

Google, which is owned by Alphabet Inc., has made a statement that its cloud services have encountered an unusually large amount of traffic, which is reportedly seven times larger than the previous attack.

Cloudflare Inc., an internet protection company, stated that the attack was three times bigger than any previous attack they had observed. Similarly, Amazon.com Inc.’s web services, AWS, confirmed being hit by a new type of denial of service event.

They have also confirmed that this attack started in late August. Google has even confirmed that this attack is still ongoing.

Denial of service (DoS) is one of the most basic forms of web attack. Its simple plan is to overload targeted servers by barraging them with bogus requests for data. This makes it impossible for genuine web traffic to pass through.

With the development of the online world, the power of denial of service has also increased. It is astonishing to know that some of these DoS can generate millions of bogus requests per second. The recent attack on Google, Cloudflare, and Amazon generated hundreds of millions of bogus requests per second.

In a recent blog post, Google revealed that the mere two-minute duration of this particular attack resulted in a volume of requests that surpassed the entire count of article views documented on Wikipedia for the entire month of September 2023. The attack was so massive that it had "never been seen before," according to Cloudflare.

The companies have confirmed that this attack was due to a flaw in HTTP/2, which is a newer version of the HTTP network protocol. The flaw makes the servers vulnerable to this large number of bogus requests.

The companies have been encouraged to update their web servers as soon as possible and negate the possibility of vulnerability to these requests.

The culprits behind these attacks have not yet been recognized by either company.

If cleverly aimed and not successfully countered, DDoS attacks can lead to widespread disruption. In 2016, the Mirai botnet launched a DDoS attack on domain name service Dyn, disrupting many high-profile websites.

The Mirai botnet was created by exploiting vulnerabilities in Internet of Things (IoT) devices, such as cameras and DVRs. The attackers then used the botnet to send a massive flood of traffic to Dyn, overwhelming its servers and causing it to go offline.

The Dyn attack was one of the largest and most disruptive DDoS attacks in history. It affected millions of users around the world and caused outages for popular websites such as Twitter, Netflix, and Reddit.

The Mirai attack was a wake-up call to the dangers of DDoS attacks and the importance of securing IoT devices. It also highlighted the need for organizations to have a plan in place for dealing with DDoS attacks.

In the years since the Dyn attack, there have been a number of other large and disruptive DDoS attacks. However, organizations have become more aware of the threat and have taken steps to mitigate it. For example, many organizations now use cloud-based DDoS protection services.

CISA, the U.S. government’s cybersecurity organization has not yet made any public statements regarding this matter.