Google Blocks Record-Setting DDoS Attack That Peaked at 46 Million RPS

In June 2022, Google mitigated a Layer 7 distributed denial-of-service (DDoS) attack that peaked at 46 million requests per second (RPS).

Disclosed this week, this is the third HTTPS attack this year to reach tens of millions of RPS, after two lower-volume assaults were mitigated by Cloudflare.

The first of them peaked at 15.3 million RPS, Cloudflare announced in April, while the second reached 26 million RPS, the web security company announced in June.

What sets these assaults apart is the use of encrypted requests (HTTPS), meaning that they need significantly higher computational resources compared to typical DDoS attacks.

The attack that Google disclosed this week clearly dwarfs the previously disclosed incidents, as it was roughly 76% larger than the previous record.

The attack, Google says, started at 9:45 am PT, on June 1, and lasted for roughly 69 minutes. For most of its duration, the attack was low-intensity – it jumped from 100,000 to 46 million RPS within 10 seconds, but decreased over the next minute and a half to the initial levels.

According to Google, the assault originated from 5,256 source IPs from 132 countries, with 31% of the traffic coming from the top 4 countries.

Based on the characteristics of this attack, it appears that the Mantis DDoS botnet that Cloudflare detailed last month might have been responsible for the new record-setting incident as well.

“The geographic distribution and types of unsecured services leveraged to generate the attack matches the Mēris family of attacks. Known for its massive attacks that have broken DDoS records, the Mēris method abuses unsecured proxies to obfuscate the true origin of the attacks,” Google said.

Mantis, which uses a small number of compromised servers and virtual machine platforms, represents the evolution of the Meris botnet: it has migrated from MikroTik devices to far more powerful systems, Cloudflare has pointed out.

Google also notes that roughly 3% of the attack traffic came from Tor exit nodes – which accounted for 22% (1,169) of the observed source IPs. The presence of these exit nodes in the attacks, Google says, is likely incidental, caused by the nature of the compromised services.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
