Google has become the target of the largest DDoS attack to date against one of its customers. The attack on one of the Google Cloud Armor clients took place on June 1 and sent 46 million requests per second to the Google Cloud Armor client using HTTPS DDoS attacks. This is the most powerful Level 7 DDOS attack ever reported, surpassing the previous record by at least 76%. This would be equivalent to getting all the daily requests to Wikipedia in just a few seconds, which gives you an idea of the scope of the attack. By detecting and analyzing traffic at an early stage of the attack cycle, Cloud Armor’s adaptive defenses were able to prevent a successful attack. Cloud armor has proposed a defense rule delivered to the customer before the customer reaches the full scope of the attack. With Cloud Armor, customer service was kept online, and end users were able to continue receiving benefits.
The incident happened at about 09:45 bst on 1 June and is believed to have been a web attack. In an attempt to compromise the victim’s HTTP/S load balancer, the attacker was initially only able to generate 10,000 requests per second. Eight minutes after the start of the attack, there was an increase of 100,000 rps. After receiving certain data from the traffic analysis, Google Cloud Armor Protection created an alert and signature based on this data, which was activated. The attack peaked at 46 million requests per second two minutes later.
Thanks to the advice of Cloud Armor, the Customer has already implemented this rule to ensure its normal operation. 69 following the start of the attack. the minute the attack ended. That warning included a suggestion about the rule that could be used to block malicious signatures. In total, 5,256 source IP addresses from 132 countries around the world were involved in the attack.