To put the scale of this attack into perspective, Google recorded over 398 million requests per second during the onslaught. Cloudflare also experienced a peak of 201 million requests per second, while Amazon faced a staggering 155 million requests per second. Google emphasised the magnitude of the attack by noting that it generated more requests than the total number of article views reported by Wikipedia for the entire month of September 2023
Major tech giants including Google, Amazon, and Cloudflare were troubled by an unprecedented DDoS (Distributed Denial of Service) attack. This complicated attack, known as “Rapid Reset,” has claimed the title of the largest DDoS attack ever recorded. It’s crucial to know why DDoS attacks are considered such a significant threat in the cybersecurity landscape.
DDoS attacks may not be the most sophisticated form of cyber assault, but their potential to wreak havoc should not be underestimated. These attacks are designed to flood servers or networks with an overwhelming volume of internet traffic, effectively barricading genuine users from accessing the targeted services. In the context of this threat, a Virtual Private Network (VPN) can provide a protective shield by concealing your actual IP address.
The core of this massive attack lies in a zero-day vulnerability found within the HTTP/2 protocol, which has been aptly named “Rapid Reset.” The HTTP/2 protocol was developed to accelerate the loading of web pages, permitting multiple HTTP requests to be transmitted to a target server via a single connection. Unfortunately, this vulnerability allowed unknown threat actors to initiate an automated cycle of sending and canceling requests on a large scale, resulting in server overload and eventual shutdown.
To put the scale of this attack into perspective, Google recorded over 398 million requests per second during the onslaught. Cloudflare also experienced a peak of 201 million requests per second, while Amazon faced a staggering 155 million requests per second. Google emphasised the magnitude of the attack by noting that it generated more requests than the total number of article views reported by Wikipedia for the entire month of September 2023.
This isn’t an isolated incident either. Both Cloudflare and Amazon had previously encountered DDoS attacks with peaks just over 201 million requests per second. Cloudflare, in particular, reported mitigating more than 1,100 attacks leading up to August 2023, with 184 of these surpassing the company’s previous highest recorded DDoS attack of 71 million requests per second.
According to Google, these attacks persist to this day, posing a significant ongoing threat. However, what’s noteworthy is the collaborative approach taken by these tech companies. They’ve been actively sharing intelligence and mitigation strategies to counter this menace. Google also highlighted the importance of its global load-balancing and DDoS mitigation infrastructure, which has played a crucial role in maintaining service continuity without disruption.
What makes DDoS attacks so dangerous?
Cybercrime, exemplified by DDoS attacks, can have far-reaching and damaging consequences. When an attacker successfully launches a DDoS attack, it can effectively block your access to vital websites, including those for banking and online shopping. While DDoS attacks themselves do not involve data theft, they can serve as a diversion for more insidious cyberattacks. Hackers might be probing for weaknesses while simultaneously using a DDoS attack as a smokescreen for another, more sinister assault. For individuals trying to visit a website targeted by a DDoS attack, the result is either painfully slow service or a complete denial of access. For businesses, this can translate to substantial financial losses and wasted time, particularly for small business owners who can least afford such disruptions. It’s essential to recognise the significance of DDoS attacks in the broader cybersecurity landscape and the critical role of collaboration and advanced infrastructure in defending against them.
