Google stops biggest-ever distributed denial-of-service cyber attack
The cyber security threats such as distributed denial-of-service (DDoS) are growing exponentially, disrupting businesses of all sizes globally, leading to outages and loss of user trust, Google has said.
The tech giant revealed that its infrastructure absorbed a massive 2.5Tbps DDoS in September 2017, the highest-bandwidth attack reported to date which was the culmination of a six-month campaign that utilised multiple methods of attack.
“Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact,” Google said in a statement on Friday.
The attacker used several networks to spoof 167 Mbps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to Google.
“This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier. It remains the highest-bandwidth attack reported to date, leading to reduced confidence in the extrapolation,” the company informed.
With a DDoS attack, an adversary hopes to disrupt their victim’s service with a flood of useless traffic.
While this attack doesn’t expose user data and doesn’t lead to a compromise, it can result in an outage and loss of user trust if not quickly mitigated.
Attackers are constantly developing new techniques to disrupt systems.
“Some attacks may not even focus on a specific target, but instead attack every IP in a network. Multiplying the dozens of attack types by the diversity of infrastructure that must be defended leads to endless possibilities,” Google said.
The company said the main task is to determine the capacity needed to withstand the largest DDoS attacks for each key metric.
“While we can estimate the expected size of future attacks, we need to be prepared for the unexpected, and thus we over-provision our defenses accordingly”.
The company recently announced ‘Cloud Armor Managed Protection’ which enables users to further simplify their deployments, manage costs, and reduce overall DDoS and application security risk.
Google said it is working with others in the internet community to identify and dismantle infrastructure used to conduct attacks.
na/(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)
Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.
We, however, have a request.
As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.
Support quality journalism and subscribe to Business Standard.