Cybersecurity

Internet companies tackle the biggest ever denial of service attack

Internet companies including Google and Amazon are fighting off the world’s biggest distributed denial of service (DDoS) attack.

Internet companies including Google and Amazon are fighting off the world’s biggest distributed denial of service (DDoS) attack. Image: Unsplash/Sergey Zolkin

Simon Torkington
Senior Writer, Forum Stories
This article is part of: Annual Meeting on Cybersecurity
  • Cybercriminals have launched the biggest ever distributed denial of service attack.
  • Internet companies continue to fight off the attack which began in August.
  • Cybercrime and insecurity are among the top 10 global risks, says 2023 report.

Internet companies including Google and Amazon are fighting off the world’s biggest distributed denial of service (DDoS) attack. They’re warning internet users that these types of attacks could cause widespread disruption unless cybersecurity measures are stepped up.

In a blog post, dated October 10th, 2023, Google said the attack, which began in August, was not yet fully contained. The scale of the latest attack dwarfed the previous largest which took place in 2022, Google added, saying it was 7.5 times bigger.

The World Economic Forum’s Global Risks Report, 2023 identified widespread cybercrime and cyber insecurity as one of the top 10 risks facing the world in the next two years.

Graphic illustrating the top ten risks over a two and ten year period.
Cybercrime and cyber insecurity are among the top 10 global risks. Image: World Economic Forum

How does a DDoS attack work?

Denial of service attacks are nothing new but they are becoming increasingly sophisticated and disruptive. A DDoS attack is aimed at making websites unreachable by overwhelming them with requests for data.

When they launch a DDoS attack, cybercriminals and other threat actors direct huge amounts of internet traffic at target servers which are unable to process the volume of requests. This often results in websites crashing and online services being unavailable.

According to a Google blog post, the record-setting DDoS attack used a new technique known as “Rapid Reset” that exploits the HTTP/2 request transfer system that is the foundation on which the internet functions. Google says at its peak, the attack was sending 398 million requests per second.

A new type of DDoS attack sends hundreds of millions of requests per second.
A new type of DDoS attack sends hundreds of millions of requests per second. Image: Google

To illustrate the scale of the attack, Google says it generated more requests in two minutes than the total number of article reads on Wikipedia for the entire month of September 2023.

Both Google and Amazon Web Services (AWS) said they were able to protect customers using their cybersecurity systems which quickly detected the spike in web traffic being directed at target servers.

Internet security company Cloudflare also detected the attack and quickly developed purpose-built technology to protect against it. In a blog post, Cloudflare emphasized the importance of collaboration in fighting off these potentially devastating threats, saying: “When we have the opportunity to work with our industry partners and governments to ensure there are no widespread impacts on the Internet, we are doing our part in increasing the cyber resiliency of every organization no matter the size or vertical.”

Discover

How is the Forum tackling global cybersecurity challenges?

Protecting business systems from cyberattacks

At this stage, the source of the record breaking DDoS attack has not been identified but there is no doubt that the risk of such attacks is growing.

The World Economic Forum’s Global Cybersecurity Outlook 2023 points to the convergence of geopolitical instability, the arrival of AI that can amplify cyberattacks and a lack of cybersecurity expertise as drivers of the growing risks.

The report finds that 86% of business leaders and 93% of cyber leaders believe “geopolitical instability is moderately, or very likely to lead to a catastrophic cyber event in the next two years.” The report finds there is a broad consensus among leaders on actions to mitigate those risks.

Graphic illustrating the changes leaders are aiming to make in response to geopolitical risks.
Business and cyber leaders are broadly aligned on actions to mitigate cyber risks. Image: World Economic Forum

The evolving cyber threat landscape requires a new focus on countermeasures to keep one step ahead of attackers. They have demonstrated that they have the technical expertise and the intent – both criminal and political – to mount DDoS attacks that could have devastating consequences.

Have you read?
Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum