Internet companies Google, Amazon and Cloudflare have successfully defended against the largest-known denial-of-service attack on the internet, raising concerns about a new technique that could potentially cause widespread disruption.
Denial-of-service attacks involve overwhelming targeted servers with a flood of bogus requests for data, rendering it impossible for legitimate web traffic to reach its destination. These attacks have become more powerful over time, with some capable of generating millions of bogus requests per second, Reuters reported.
The recent attack faced by Google, Cloudflare and Amazon was unprecedented in scale, according to the report. Google’s cloud services defended against an avalanche of rogue traffic that was more than seven times larger than the previous record-breaking attack. Cloudflare reported that the attack was three times larger than any previous attack they had observed. Amazon’s web services division also confirmed being hit by this new type of distributed-denial-of-service (DDoS) event. The magnitude of the attack was staggering, capable of generating hundreds of millions of requests per second, the report said. To put it into perspective, Google mentioned that just two minutes of the attack generated more requests than the total number of article views reported by Wikipedia in an entire month.
All three companies highlighted that these supersized attacks were made possible due to a weakness in HTTP/2, a newer version of the HTTP network protocol that underpins the World Wide Web, per the report. This vulnerability made servers particularly susceptible to rogue requests. To prevent future attacks, the companies urged organizations to update their web servers.
Attribution in denial-of-service attacks has historically been challenging, and none of the companies identified the responsible party behind the attack, according to the report. However, if not effectively countered, these attacks can lead to significant disruptions. In 2016, a denial-of-service attack attributed to the “Mirai” network of hijacked devices caused widespread disruption, affecting high-profile websites.
The Mirai botnet knocked much of the United States offline, along with top websites around the world, including Reddit, Netflix, Twitter and Spotify. It infected almost 500,000 connected devices and brought much of the internet to a standstill.