Google, Amazon, and Cloudflare—some of the biggest internet-facing companies—have reportedly “mitigated the largest DDoS attack to date,” which peaked at over 398 million requests per second. The attack, said to have been facilitated using a new vulnerability—CVE-2023-44487—that exists in the HTTP/2 protocol, was reportedly seven and a half times larger compared to an attack that happened last year, according to Google.
To provide more context and establish a sense of scale, Google said that the two-minute attack “generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.”
Amazon also confirmed the attack in a blog post and stated that it detected the attack between August 28 and August 29, 2023. “Proactive monitoring by AWS detected an unusual spike in HTTP/2 requests to Amazon CloudFront, peaking at over 155 million requests per second (RPS),” Amazon said.
Another major internet company, Cloudflare, also reported the same and mentioned that this particular attack was three times larger than any previous attack the company had faced.
What Are DDoS Attacks?
Distributed Denial of Service, or DDoS for short, is a type of attack by a bad actor in an attempt to take a service offline by bombarding it with an insane amount of requests per second, rendering websites and services unusable.
Google says that DDoS attacks can have wide-ranging impacts, including a loss of business and the unavailability of mission-critical applications.
What Can Companies Do To Be Safe?
In this instance, Google, Amazon, and Cloudflare all had their respective protections in place. Google mentions that it has heavily invested in ‘edge capacity,’ allowing its services to remain unaffected. Amazon also had protections in the form of Amazon CloudFront and AWS Shield. Therefore, companies which don’t have their own infrastructure to protect themselves, can leverage services offered by companies such as Google and AWS to mitigate potential security threats.