Warning: Undefined array key "HTTP_ACCEPT_LANGUAGE" in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/load.php on line 2057

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rank-math domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u596154002/domains/usbusinessreviews.com/public_html/wp-includes/functions.php on line 6114
Google Cloud, AWS, and Cloudflare report largest DDoS attacks ever - Best Business Review Site 2024

Google Cloud, AWS, and Cloudflare report largest DDoS attacks ever

[ad_1]

Google DDoS Attack August 2023

Monster DDoS attacks hit Google Cloud and other major internet services.

Google

Distributed Denial of Service (DDoS) attacks may be one of the least sophisticated types of cyberattacks but they can do real damage. Now Google and other top cloud companies are reporting new records for the largest DDoS attacks ever.

The Google Cloud was hit by the largest DDoS attack in history this past August, with the digital onslaught peaking at an unprecedented 398 million requests per second (RPS). How big is that? According to Google, in two minutes, the Google Cloud was slammed by more RPS than Wikipedia saw in all of September 2023. 

Also: Newly discovered Android malware has infected thousands of devices

That’s big. The attack on Google Cloud, which employed a novel “Rapid Reset” technique, was 7½ times larger than any previously recorded DDoS attack. 2022’s largest-recorded DDoS attack peaked at “only” 46 million RPS.

Google wasn’t the only one to get hit. Cloudflare, a leading cloud delivery network (CDN), and Amazon Web Services (AWS), the world’s biggest cloud provider, also reported getting blasted. Cloudflare fended off a 201 million RPS attack, while AWS held off a 155 million RPS assault.

These DDoS attacks began in late August and “continue to this day,” according to Google, targeting major infrastructure providers. Despite the scale and intensity of the attacks, the top technology firms’ global load-balancing and DDoS mitigation infrastructure effectively countered the threat, ensuring uninterrupted service for their customers.

In the attacks’ wake, the companies coordinated a cross-industry response, sharing intelligence and mitigation strategies with other cloud providers and software maintainers. This collaborative effort developed patches and mitigation techniques that most large infrastructure providers have already adopted.

Also: The best VPN services (and how to choose the right one for you)

The “Rapid Reset” technique exploited the HTTP/2 protocol’s stream multiplexing feature which is the latest step in the evolution of Layer 7 attacks. This attack works by pushing multiple logical connections to be multiplexed over a single HTTP session. 

This is a feature “upgrade” from HTTP 1.x, in which each HTTP session was logically distinct. Thus, just like the name says, an HTTP/2 Rapid Reset attack consists of multiple HTTP/2 connections with requests and resets one after another. If you’ve implemented HTTP/2 for your website or internet services, you’re a potential target.

In practice, Rapid Reset works by a series of requests for multiple streams being transmitted, followed immediately by a reset for each request. The targeted system will parse and act upon each request, generating logs for a request that is then reset, or canceled. Thus, the targeted system burns time and compute generating those logs even if no network data is returned to the attacker. A bad actor can abuse this process by issuing a massive volume of HTTP/2 requests, which can overwhelm the targeted system.

Also: New cryptographic protocol aims to bolster open-source software security

This is actually a turbo-charged version of a very old kind of attack: The HTTP flood request DDoS attack. To defend against these sorts of DDoS attacks, you must implement an architecture that helps you specifically detect unwanted requests as well as scale to absorb and block those malicious HTTP requests.

The vulnerability exploited by the attackers has been tracked as CVE-2023-44487

Organizations and individuals serving HTTP-based workloads to the internet are advised to verify the security of their servers and apply vendor patches for CVE-2023-44487 to mitigate similar attacks. The patches are on their way. But, until they’re widely installed, I guarantee we’ll see more Rapid Reset attacks. 

Most companies don’t have the resources needed to deal with such attacks. You need extensive and powerful network DDoS defensive services such as  Amazon CloudFront, AWS Shield, Google Cloud Armor, or CloudFlare Magic Transit to fend off Rapid Reset attackers. 

Eventually, the fix will be in for this particular attack, but similar ones will soon be on their way. As the security saying goes, “Security isn’t a product, it’s a process.” 



[ad_2]

Source link

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin situs toto slot gacor maxwin slot gacor maxwin situs toto slot slot depo 10k toto slot toto slot situs toto situs toto toto slot toto slot toto slot toto togel slot toto togel situs toto situs toto toto slot slot gacor slot gacor slot gacor situs toto situs toto cytotec toto slot situs toto situs toto toto slot situs toto situs toto slot gacor maxwin slot gacor maxwin link slot 10k slot gacor maxwin slot gacor slot pulsa situs slot 10k slot 10k toto slot toto slot situs toto situs toto situs toto bandar togel 4d toto slot toto slot