Google says it blocked biggest HTTPS-based DDoS attack in June


Google mitigated a massive distributed denial-of-service (DDoS) attack involving HTTPS (Hypertext Transfer Protocol Secure) requests on one of its customers during the first week of June, the company Alphabet said in a blog post. .

The number of HTTPS requests during the attack hit an all-time high of 46 million requests per second, making it the largest Layer 7 DDoS attack to date, according to Google. The attack was 76% larger than the DDoS attack that was blocked by Cloudflare in the same month. During this attack, Cloudflare saw 26 million requests per second.

According to Google, this is equivalent to all daily queries on Wikipedia in just 10 seconds.


A DDoS attack occurs when hackers disrupt the normal traffic of a web server by overwhelming it with large volumes of internet traffic. In HTTPS-based DDoS attacks, hackers use HTTP requests to target servers. An HTTPS request includes information required by web browsers to load a website.

HTTPS is a more secure version of HTTP, an Internet protocol used to send data between a web browser and a website.

Layer 7 refers to the application layer, which is one of the upper layers in the data processing hierarchy of an application or website.


Google further said that detecting and preventing the attack to its Cloud Armor Adaptive Protection tool, which analyzed traffic early in the attack lifecycle and alerted the customer, and also shared the signature of the attack. attack to block the attack. Google says that despite the attack, customer service stayed online and continued to serve customers successfully.

The client chose to throttle the request instead of denying requests to mitigate the impact on legitimate traffic. This allowed them to contain the attack by removing most of the attack volume at the edge of Google’s network.

The attack occurred from multiple geographic locations and used different types of insecure services to generate malicious requests, which Google says is the modus operandi of the Mēris family of attacks. Google discovered that 5,256 source IP addresses from 132 countries were used in the attack, with four countries accounting for nearly 31% of the total traffic.


Comments are closed.