How Google thwarted the biggest cyberattack in history


Tens of millions. That is the number of queries that Wikipedia, one of the most visited sites in the world, receives every day. It is astronomical, but the encyclopedia has the servers and the bandwidth to absorb that kind of load. This is the comparison Google gave after countering the biggest cyberattack in history, aimed at one of its Google Cloud customers.

It happened at the beginning of June, and it is only today that the firm decided to lift the veil on this attack, which targeted a Google Cloud customer. That day, Google blocked a distributed denial of service (DDoS) attack whose throughput reached 46 million HTTPS requests per second.

“This is the largest Layer 7 DDoS attack reported to date, at least 76% higher than the previous record,” explains a Google engineer. “To give an idea of the scale of the attack, this is equivalent to receiving all daily requests from Wikipedia (one of the 10 most visited websites in the world) in just 10 seconds.”

“Adaptive” protection

Perhaps most impressively, Google managed to thwart this attack. To do so, the targeted customer had already enabled “Adaptive Protection” in its Cloud Armor security policy, a feature that establishes a baseline of normal traffic patterns for the service. As a result, this protection, which acts as a firewall, was able to detect the DDoS attack early in its lifecycle, analyze the incoming traffic, and generate an alert with a recommended protection rule, all before the attack escalated. The whole process takes seconds.

To limit the scale of the attack, the protection tool automatically throttled the flow, and Google explains that the customer preferred to “throttle” the attack rather than “deny” it. Why? Because this method reduces the impact on legitimate incoming traffic while still isolating the malicious requests. In short, the client’s server, whose name was never mentioned, was never “unreachable”, as is generally the case during a DDoS attack.

Attacks from 132 countries

Google also explains that before this “rule” was enforced, it was first deployed in preview mode. The customer was thus able to verify that only unwanted traffic would be refused and that legitimate users could continue to access the service. When the attack reached its peak of 46 million rps (requests per second), Cloud Armor’s suggested rule was already in place to block the bulk of the attack and keep the targeted apps and services available.
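The three steps described in the paragraphs above (learn a baseline of normal traffic, detect the surge and suggest a rule, then run that rule in preview before choosing throttle or deny) can be modelled in a few dozen lines. The script below is an added illustration written for this article; it is not Google’s or Cloud Armor’s code, and its traffic, IP addresses, country codes, thresholds and per-source limit are all constructed. It assumes a simple rule that matches the countries supplying a disproportionate share of traffic, which is enough to show why throttling spares legitimate users in those countries while a flat deny does not.

```python
"""Toy model of baseline-based Layer 7 DDoS mitigation (constructed data, not Cloud Armor)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
import random

@dataclass(frozen=True)
class Request:
    t: int        # arrival second
    src: str      # source IP (constructed, private/documentation ranges)
    country: str  # geolocated country of the source (constructed)
    bot: bool     # ground truth, known only because this script generated the traffic

COUNTRIES = ["AA", "BB", "CC", "DD", "EE", "FF"]

def make_traffic(seed=7, normal_secs=60, attack_secs=30):
    """60 s of normal load from 120 clients, then a 30 s flood from 40 bots in two countries."""
    rng = random.Random(seed)
    legit = [(f"10.{i // 256}.{i % 256}.1", COUNTRIES[i % len(COUNTRIES)]) for i in range(120)]
    bots = [(f"203.0.113.{i}", COUNTRIES[i % 2]) for i in range(1, 41)]
    reqs = []
    for t in range(normal_secs + attack_secs):
        for ip, cc in legit:                       # legitimate users: 0-2 requests per second
            reqs.extend(Request(t, ip, cc, False) for _ in range(rng.randint(0, 2)))
        if t >= normal_secs:                       # each bot: 50 requests per second
            for ip, cc in bots:
                reqs.extend(Request(t, ip, cc, True) for _ in range(50))
    return reqs

def per_second(reqs):
    """Group requests by arrival second."""
    buckets = defaultdict(list)
    for r in reqs:
        buckets[r.t].append(r)
    return buckets

def learn_baseline(buckets, until):
    """Mean total requests per second over the learning window [0, until)."""
    return sum(len(buckets[t]) for t in range(until)) / until

def detect(buckets, baseline, factor=3.0):
    """First second whose rps exceeds factor x baseline, or None if never."""
    for t in sorted(buckets):
        if len(buckets[t]) > factor * baseline:
            return t
    return None

def suggest_rule(buckets, t, share=0.25):
    """Recommended rule: match the countries supplying more than `share` of traffic in second t."""
    by_country = Counter(r.country for r in buckets[t])
    total = sum(by_country.values())
    return frozenset(cc for cc, n in by_country.items() if n / total > share)

def enforce(buckets, rule, action, start, limit=5, preview=False):
    """Apply the rule from second `start` on. action 'deny' drops every matching request;
    'throttle' serves at most `limit` requests per source per second (chosen above the
    per-client baseline). In preview mode nothing is dropped; matching requests that the
    action would drop are only counted as 'would_drop'."""
    stats = Counter()
    for t, reqs in buckets.items():
        seen = Counter()                            # per-source count within this second
        for r in reqs:
            label = "bot" if r.bot else "legit"
            seen[r.src] += 1
            matched = t >= start and r.country in rule
            drop = matched and (action == "deny" or seen[r.src] > limit)
            if drop and preview:
                stats[f"{label}_would_drop"] += 1
            if drop and not preview:
                stats[f"{label}_dropped"] += 1
            else:
                stats[f"{label}_served"] += 1
    return stats

def run():
    """Baseline -> detect -> suggest rule -> preview -> compare deny with throttle."""
    buckets = per_second(make_traffic())
    base = learn_baseline(buckets, until=60)
    t0 = detect(buckets, base)
    rule = suggest_rule(buckets, t0)
    return {
        "baseline_rps": base, "detected_at": t0, "rule": rule,
        "preview": enforce(buckets, rule, "throttle", t0, preview=True),
        "deny": enforce(buckets, rule, "deny", t0),
        "throttle": enforce(buckets, rule, "throttle", t0),
    }

if __name__ == "__main__":
    for key, value in run().items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Running it shows the trade-off the article describes: with “deny”, every legitimate user in the matched countries is cut off for the duration of the rule, whereas with “throttle” the per-source limit sits above normal client behaviour, so legitimate users are all served and only the high-rate sources lose most of their requests. The preview pass reports the same would-drop counts without dropping anything, which is the check a customer would make before enforcing the rule.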

What undoubtedly made the task easier was that the number of IP addresses behind the attack was ultimately not that high. Google counted fewer than 6,000, spread across 132 countries, four of which accounted for nearly a third of the attack traffic. By blocking those sources, the client was able to limit the attack’s impact quickly.
