Internet companies tackle the biggest ever denial of service attack

Internet companies including Google and Amazon are fighting off the world’s biggest distributed denial of service (DDoS) attack. They’re warning internet users that these types of attacks could cause widespread disruption unless cybersecurity measures are stepped up.

In a blog post, dated October 10th, 2023, Google said the attack, which began in August, was not yet fully contained. The scale of the latest attack dwarfed the previous largest which took place in 2022, Google added, saying it was 7.5 times bigger.

The World Economic Forum’s Global Risks Report, 2023 identified widespread cybercrime and cyber insecurity as one of the top 10 risks facing the world in the next two years.

Denial of service attacks are nothing new but they are becoming increasingly sophisticated and disruptive. A DDoS attack is aimed at making websites unreachable by overwhelming them with requests for data.

When they launch a DDoS attack, cybercriminals and other threat actors direct huge amounts of internet traffic at target servers which are unable to process the volume of requests. This often results in websites crashing and online services being unavailable.

According to a Google blog post, the record-setting DDoS attack used a new technique known as “Rapid Reset” that exploits the HTTP/2 request transfer system that is the foundation on which the internet functions. Google says at its peak, the attack was sending 398 million requests per second.

To illustrate the scale of the attack, Google says it generated more requests in two minutes than the total number of article reads on Wikipedia for the entire month of September 2023.

Both Google and Amazon Web Services (AWS) said they were able to protect customers using their cybersecurity systems which quickly detected the spike in web traffic being directed at target servers.

Internet security company Cloudflare also detected the attack and quickly developed purpose-built technology to protect against it. In a blog post, Cloudflare emphasized the importance of collaboration in fighting off these potentially devastating threats, saying: “When we have the opportunity to work with our industry partners and governments to ensure there are no widespread impacts on the Internet, we are doing our part in increasing the cyber resiliency of every organization no matter the size or vertical.”

At this stage, the source of the record breaking DDoS attack has not been identified but there is no doubt that the risk of such attacks is growing.

The World Economic Forum’s Global Cybersecurity Outlook 2023 points to the convergence of geopolitical instability, the arrival of AI that can amplify cyberattacks and a lack of cybersecurity expertise as drivers of the growing risks.

The report finds that 86% of business leaders and 93% of cyber leaders believe “geopolitical instability is moderately, or very likely to lead to a catastrophic cyber event in the next two years.” The report finds there is a broad consensus among leaders on actions to mitigate those risks.

The evolving cyber threat landscape requires a new focus on countermeasures to keep one step ahead of attackers. They have demonstrated that they have the technical expertise and the intent – both criminal and political – to mount DDoS attacks that could have devastating consequences.