By 
Major internet companies, including Google, Amazon, and Cloudflare, have reported successfully defending against the largest-known denial of service (DDoS) attack on record and are now raising concerns about a novel technique that could potentially cause significant disruptions.
Google, an Alphabet Inc-owned company, announced in a recent blog post that its cloud services effectively mitigated a massive surge of malicious traffic. This latest attack was more than seven times the size of the previous record-breaking DDoS attack that was thwarted the previous year.
Cloudflare, an internet protection company, stated that the attack they faced was “three times larger than any previous attack we’ve observed.” Additionally, Amazon Web Services (AWS) confirmed that they were targeted by “a new type of distributed denial of service (DDoS) event.”
All three companies reported that the attack commenced in late August, with Google noting that it was ongoing.
DDoS attacks are among the most basic and prevalent forms of web assaults. These attacks work by overwhelming the targeted servers with a flood of bogus data requests, rendering it nearly impossible for legitimate web traffic to pass through.
As the online world has evolved, DDoS attacks have grown in potency. Some DDoS operations can generate millions of bogus requests per second. The recent attacks that Google, Cloudflare, and Amazon encountered were capable of generating hundreds of millions of requests per second.
In its blog post, Google mentioned that only two minutes of such an attack “generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.” Cloudflare also emphasized the unprecedented magnitude of the attack, stating it “has never been seen before.”
The vulnerability exploited in these supersized attacks stems from a weakness in HTTP/2, a more recent iteration of the HTTP network protocol fundamental to the World Wide Web. This weakness makes servers particularly susceptible to rogue requests.
The affected companies have urged others to update their web servers to ensure they are not susceptible to these types of attacks.
None of the three firms disclosed the identity of the party responsible for these DDoS attacks, which historically are challenging to attribute.
If well-targeted and not effectively countered, DDoS attacks can lead to extensive disruptions. In 2016, an attack linked to the “Mirai” network of compromised devices targeted domain name service Dyn, causing significant disruptions for various high-profile websites.
The United States government’s cybersecurity watchdog, CISA, has not issued a response at the time of this report.
Comments