Google Cloud has revealed it blocked the largest seven-layer distributed denial-of-service (DDoS) attack ever recorded. The attack happened on June 1 which peaked at 46 million requests per second (rps). This was 76 percent larger than the previously reported large scale attack. Google Cloud’s Armor DDoS protection service was able to stop the large-scale attack at the edge of Google’s network.
Denial-of-service (DDoS) attacks have increased in frequency and scale over the past few years. Several attacks have been registered this year alone with increasing magnitude.
Here's how the attack happened
In a blog, Google said on June 1, a Google Cloud Armor customer was targeted with a series of HTTPS DDoS attacks. It started with more than 10,000 malicious requests per second (rps) and about eight minutes later, the attack grew to 1,00,000 requests per second. In the next two minutes, the attack grew from 100,000 rps to a peak of 46 million rps.
The attack had distinct characteristics like there were 5,256 source IPs from 132 countries contributing to the attack. The geographic distribution and types of unsecured services matched with the Mēris family of attacks that abuses unsecured proxies.
Here’s how Google stopped the attack
The attack was stopped at the edge of Google’s network, as Google Cloud Armor blocked the malicious requests from the customer’s application. Google Cloud Armor is a tool that enables users to safeguard their Cloud environment from DDoS attacks.
Before the attack started, Google says that the customer had configured Adaptive Protection in their relevant Cloud Armor security policy. With that, the Cloud Armor Adaptive Protection was able to detect and analyse the traffic early in the attack. The service alerted the customer with a recommended protective rule which was deployed before the attack reached its full magnitude. The Cloud Armor then blocked the cyber attack ensuring the customer's service stayed online.
How to be protected?
Google recommends using a defence-in-depth strategy to remain safe from DDoS attacks. Google suggests the users to deploy defences and controls at multiple layers of their system environment and infrastructure providers’ network.
This will protect the web applications and services from targeted web attacks. According to Google, the defence strategy includes threat modeling to understand the applications’ attack surfaces, developing proactive and reactive strategies to protect them, and architecting the applications with sufficient capacity to manage unanticipated increases in traffic volume.
