IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Record for the largest ever HTTPS DDoS attack smashed once again

The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPS

A blue and purple digital representation of the world map showing boxes connected by dotted lines

Google Cloud claims to have repelled the biggest HTTPS DDoS attack ever recorded after a Cloud Armor customer was targeted by attacks peaking at 46 million requests per second (RPS).

The DDoS attack, which occurred on June 1, initially targeted the victim's HTTPS Load Balancer with 10,000 RPS. Based on data derived from traffic analysis, Google's Cloud Armor Protection initiated an alert eight minutes later, once the attack had intensified to 100,000 RPS.

Just two minutes later, the attack surged to 46 million RPS, almost 80% higher than the previous record of 26 million RPS, set during an attack on a Cloudflare customer in June.

Google claims that, at its peak, the scale of the attack was equivalent to receiving the entirety of Wikipedia's daily traffic in just 10 seconds. The attack is said to have lasted 69 minutes in total, steadily declining in RPS following the initial peak.

A graph from a Google Cloud blog showing data traffic to a website over time

Researchers at Google identified 5,256 source IPs from 132 countries in connection with the attack. Encrypted requests (HTTPS) were also leveraged, suggesting very powerful computing resources on the attackers’ side.

Although no specific individual or group has claimed responsibility, Google Cloud researchers say the geographic distribution of the nodes used, and the types of services deployed, suggest a Mēris style botnet may have been behind the attack – a botnet previously associated with record-breaking attacks.

“The attack illustrates two trends: that DDoS attack sizes are continuing to grow exponentially and that attack methods are continuing to evolve, leveraging new kinds of vulnerable services from which to launch attacks,” said Emil Kiner, senior product manager at Google Cloud.

Featured Resources

Three ways manual coding is killing your business productivity

...and how you can fix it

Free Download

Goodbye broadcasts, hello conversations

Drive conversations across the funnel with the WhatsApp Business Platform

Free Download

Winning with multi-cloud

How to drive a competitive advantage and overcome data integration challenges

Free Download

Talking to a business should feel like messaging a friend

Managing customer conversations at scale with the WhatsApp Business Platform

Free Download

Recommended

Singapore becomes a lightning rod for Google investment
Business operations

Singapore becomes a lightning rod for Google investment

23 Aug 2022
Google is now spending a staggering amount on blockchain
Business strategy

Google is now spending a staggering amount on blockchain

17 Aug 2022
Google urges Apple to embrace RCS as standard, ditch SMS for Android texts
Mobile

Google urges Apple to embrace RCS as standard, ditch SMS for Android texts

10 Aug 2022
Google and SkyWater partner on open source chip design platform
Hardware

Google and SkyWater partner on open source chip design platform

29 Jul 2022

Most Popular

What your hybrid workforce needs from their laptops
Advertisement Feature

What your hybrid workforce needs from their laptops

21 Sep 2022
How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022
BT's new platform promises to slash AI development time from months to days
artificial intelligence (AI)

BT's new platform promises to slash AI development time from months to days

3 Oct 2022