Google and Amazon have released details about a widespread distributed denial-of-service (DDoS) attack that the companies faced starting in August 2023, Reuters reported.
Along with Google and Amazon, web performance and security company Cloudflare was targeted during the attack and called it the "largest attack in internet history."
How Google's DDoS Response Team Has Dealt with the Attack
In August 2023, Google's DDoS Response Team stopped a DDoS attack that was 7.5 times larger than the largest one on record dating back to August 2022, according to a Google Cloud blog post. DDoS Response Team members noted that cybercriminals used new techniques in their attempt to disrupt websites and internet services during the attack.
The DDoS attack against Google peaked at 398 million requests per second, the company indicated. During the attack, cybercriminals used an HTTP/2 "Rapid Reset" technique in which they generated more website requests than the total number of article views reported by Wikipedia during the entire month of September 2023.
Google utilized its global load-balancing and DDoS mitigation infrastructure to keep its services running during the DDoS attack, the company noted. It has worked with Amazon, Cloudflare and other industry partners to understand the attack and mitigate it. However, the DDoS attack remains ongoing for Google, according to Reuters.
Amazon Web Services (AWS) Detects Spike in HTTP/2 Requests to Amazon CloudFront
Between August 28-29, 2023, AWS CloudFront peaked at over 155 million requests per second, Amazon wrote in a blog post. At this time, AWS discovered that CloudFront had automatically mitigated a Rapid Reset attack.
In the days that followed, AWS observed and mitigated over a dozen Rapid Reset attacks, the company stated. These continued throughout September.
AWS customers with DDoS-resilient architecture were able to keep their apps running in spite of the DDoS attack, the company stated.
Meanwhile, AWS "remains vigilant… to help prevent security issues from causing disruption," the company noted.
How an HTTP/2 Rapid Reset Attack Works
With HTTP/2, users can "request" to view images, text and other items on a website, Cloudflare stated. In a Rapid Reset attack, a cybercriminal will submit thousands of "requests" and immediately cancel them. From here, the criminal will automate a "request, cancel, request, cancel" pattern to overwhelm a website and knock it offline.
MSSPs can provide security services to safeguard organizations against Rapid Reset and other types of DDoS attacks. They can also teach their customers about the dangers of DDoS attacks and other cyber threats and help them find the best ways to improve their security posture.