Leading internet giants, including Google, Amazon, and Cloudflare, recently withstood the largest ever recorded denial of service attack. They have raised concerns over a novel method that poses a significant threat to internet stability.
Google, a subsidiary of Alphabet Inc (GOOGL.O), mentioned in a Tuesday blog post that its cloud services successfully fended off malicious traffic that exceeded the volume of the previous largest attack by more than seven times.
Cloudflare Inc (NET.N), a major internet security firm, stated that this attack was "triple the magnitude of any attack we've seen before." Additionally, Amazon's (AMZN.O) web services division verified encountering an unprecedented form of distributed denial of service (DDoS) assault.
The triad of companies noted that this massive cyber onslaught commenced in late August, with Google highlighting its continuous nature.
A denial of service attack essentially bombards servers with an overwhelming number of spurious data requests, obstructing legitimate online traffic. Over time, these types of attacks have amplified in intensity, now capable of producing hundreds of millions of false requests each second.
To put things in perspective, Google highlighted that just a two-minute stretch of the attack produced more data requests than the entire month's article views on Wikipedia for September 2023. Cloudflare acknowledged the unparalleled scale of the assault.
The heightened severity of these recent attacks is attributed to a vulnerability in HTTP/2, the latest iteration of the protocol foundational to the internet. This flaw leaves servers especially susceptible to malicious requests.
All three tech leaders are emphasizing the need for businesses to upgrade their servers to counteract this vulnerability.
The entities behind these formidable attacks remain unidentified, as tracing such cyber-activities has historically proven challenging. Without adequate defenses, these types of attacks have the potential to cause widespread online chaos. For instance, in 2016, the "Mirai" botnet targeted domain service Dyn, leading to outages across numerous major websites.
The US cybersecurity agency, CISA, has yet to comment on the situation.