Tech giants Google, Amazon, and Cloudflare have successfully mitigated what is being reported as the most disruptive Distributed Denial of Service (DDoS) attack in the history of the internet.
They are now raising concerns about a novel method that could potentially cause significant disruptions across the digital landscape. In a recent publication this week, Alphabet-parent company Google, disclosed that its cloud-based defenses have successfully fended off a deluge of malicious traffic that was over seven times larger than the previous record-holding cyber onslaught neutralized last year.
Cloudflare also gave its opinion stating that the consistent attack on its servers three times larger than previously recorded attacks.
Amazon Web Services (AWS) has also verified that it was targeted by a novel form of Distributed Denial of Service (DDoS) incident.
The initiation of these cyber onslaughts has been traced back to August 2023, marking a new wave of sophisticated Distributed Denial of Service (DDoS) attacks in the cybersecurity landscape. Google has indicated that the cyber threat actors orchestrating these bot-driven assaults on their servers are persisting in their malicious activities.
Denial of Service (DoS) attacks, is a renowned form of cyber assault, overwhelming targeted servers with a huge-amount of fraudulent data requests, obstructing legitimate web traffic. As the digital realm evolves, so does the potency of DoS attacks, capable of generating millions of spurious requests per second.
The statistics from the tech triumvirate (Amazon, Cloudflare, and Google) reveals that the cyber onslaught on their servers was capable of generating over a hundred million requests per second. An indication that these were not just typical DDoS attacks.
In a blog post, Google disclosed that within a brief span of 120 seconds, an influx of high-frequency requests was generated that surpassed the total number of article views recorded by Wikipedia for the entire month of September. This indicates a highly sophisticated cyber attack.
Cloudflare further emphasized stating that:
“The attack of such magnitude has never been seen before.”
The tech trio (Amazon, Cloudflare, and Google) disclosed that the colossal attacks were facilitated by a vulnerability in HTTP/2, a new version of the hypertext transfer protocol that forms the backbone of the World Wide Web. This vulnerability makes servers particularly susceptible to malicious requests.
MITIGATION:
As a precautionary measure, all three companies suggested that organizations are to take swift actions by updating their web servers, to prevent threat actors from exploiting this vulnerability.
Although as at the time this article was written, the threat actors responsible for these unslaught were not disclosed, due to the difficulty in pinpointing the origin of these attacks. They further stated that if the origin of this DDOS is not properly targeted and countermeasures employed, the attacks could result into a widespread of disruption.
In 2016, a cyber onslaught, attributed to the “Mirai” botnet, which is a network of compromised devices, targeted the domain name service provider Dyn. This attack caused significant disruptions to a wide range of high-profile websites. The Mirai botnet exploited vulnerabilities in these devices, commandeering them to launch a coordinated Distributed Denial of Service (DDoS) attack.
We, at FixitGearWare, fervently hope that organizations will heed to the advice of these tech titans – Amazon, Cloudflare, and Google – and take swift action. It’s crucial to safeguard the third pillar of cybersecurity – “Availability” from being compromised. Let’s stand together in the face of these cyber threats and ensure the uninterrupted functioning of our digital world.
Put your comments below in the comment section on your thoughts about this.