ZD Tech: When Google thwarts the biggest DDoS attack ever recorded!


Hello everyone and welcome to ZDTech, ZDNet’s daily editorial podcast. I’m Pierre and today I’m going to tell you how Google recently managed to block nothing less than the biggest DDoS attack ever carried out on the web.

June 1 is a milestone for the world of cybersecurity. That day, Google Cloud, the cloud branch of the American giant, announced that it had protected one of its customers against the biggest DDoS attack ever recorded. But before we get to the topic that concerns us today, maybe I can suggest a little reminder for those who are new to cyber attacks.

In a distributed denial of service attack, also known as a DDoS attack, an attacker floods the victim's network or servers with a wave of internet requests so large that the victim's infrastructure is quickly overwhelmed by the number of access requests. Consequence: the victim's services are slowed down, or even knocked out completely, which prevents legitimate users from accessing them.

46 million requests per second!

But on June 1, the DDoS attack foiled by Google peaked at a whopping 46 million requests per second (RPS). For 69 minutes that day, the attackers bombarded the victim's HTTP/S load balancer, with the attack starting at a flurry of 10,000 RPS, then 100,000 RPS, before reaching an impressive spike of 46 million RPS.

According to Google, the attack came from 5,256 source IP addresses spread across 132 countries. For the American giant, there is no doubt that the geographical distribution and the types of insecure services used to generate the attack correspond to the Mēris family of botnets. As a reminder, Mēris, which appeared in 2021, was mainly based on compromised MikroTik brand routers and was used to launch attacks targeting the processing capacity of the targeted servers.

Although the attack was thwarted on June 1, there is no doubt that offensives of this kind will be repeated in the future. Especially since the company Cloudflare warned last July of the existence of the successor to Mēris, called Mantis, which no longer uses compromised routers but virtual machines and servers hosted by cloud computing companies. Enough to keep cybersecurity players busy in the months to come…




