A Google Cloud customer received the equivalent of Wikipedia’s daily number of requests in about ten seconds. But there was no breakdown.
Among the most common computer attacks, there are DDoS attacks or distributed denial of service attacks which consist in bombarding an online service with requests in order to make it out of service. But fortunately, the protections available to deal with this type of attack are also increasingly advanced.
For example, in June, Cloudflare reported that it was able to mitigate a large-scale attack that targeted one of its free plan customers. It was an HTTPS DDoS attack (the fact that it is an HTTPS attack that requires more resources) that sent 212 million requests in 30 seconds.
Google manages to counter an HTTPS DDoS attack at 46 million requests per second
And recently, Google mentioned a new record. On June 1, a customer of its Google Cloud service was the target of an HTTPS DDoS attack with a peak of 46 million requests per second. According to the explanations of the Mountain View firm, this is the largest attack of this type ever recorded and it was 76% larger than the one countered by Cloudflare.
To give us an idea of the importance of this attack, Google explains that it is like receiving the daily number of requests from Wikipedia (one of the 10 most visited sites in the world) in just 10 seconds.
But fortunately for the targeted customer, Google’s protection systems were able to counter this powerful DDoS attack. Google Cloud’s Cloud Armor protection was able to detect this attack early on, allowing protective mechanisms to be triggered.
Cloud Armor alerted the customer with a recommended protection rule which was then deployed before the attack reached full scale. Cloud Armor blocked the attack by ensuring that the customer’s service remained online and continued to serve its end users.
“Our client’s network security team deployed the rule recommended by Cloud Armor in their security policy, and they immediately began blocking attack traffic,” Google said. “Within two minutes, the attack started to ramp up, going from 100,000 rps to a peak of 46 million rps“.
Attack size will continue to scale, says Google
Then, because Cloud Armor was already blocking the attack traffic, the customer’s site continued to function normally. The intensity of the attack then gradually decreased, eventually ending in 69 minutes.
“Presumably, the attacker likely determined that it didn’t have the desired impact while incurring the significant expense to execute the attack,” Google said.
And if the scale of this attack, in which a Google Cloud customer was the target, is impressive, the firm predicts that the size of computer attacks will continue to evolve. Thus, in this one the firm highlights the implementation of adequate protections, like those proposed by its cloud offer.