The Independent’s journalism is supported by our readers. When you purchase through links on our site, we may earn commission. Why trust us?
- CAR INSURANCE
- CAR INSURANCE
- TOOLS
- PROVIDERS
- GUIDES
- BROADBAND
- HOME SERVICES
- VPN
- HEALTH
Internet giants Google, Amazon and Cloudflare have all reported a new zero-day vulnerability exploited by unknown threat actors, which led to the largest-ever DDoS attack on record. All three companies say they successfully mitigated the attack with minimal disruption to services.
DDoS attacks are one of the less advanced forms of cyber attacks – but their potential to disrupt targeted servers should not be underestimated. DDoS attacks are intended to flood servers or a network with an abnormal amount of internet traffic, preventing real users from gaining access. Hackers could attack any unsecured network, but this becomes a tough task if you’re connected to a VPN, which masks your real IP address.
The zero-day flaw in the HTTP/2 protocol has been aptly named Rapid Reset. HTTP/2 speeds up page loading and allows multiple HTTP requests to be sent to a target server via one connection. The vulnerability allowed the unknown threat actors to activate a large-scale automated cycle of sending and cancelling requests to overwhelm servers and take them offline.
Rapid Reset was 7.5 times larger than Google’s 2022 attack, which had 46 million requests per minute. Google recorded over 398 million requests per second; Cloudflare recorded 201 million requests per second at its peak; and Amazon received 155 million requests per second.
Google noted in its blog that the attack “generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.”
This is not an isolated attack. Previously, Cloudflare and Amazon recorded DDoS attacks peaking at just over 201 million requests per second. Cloudflare says it has mitigated more than 1,100 attacks until August 2023, with 184 of them being higher than the company’s highest recorded DDoS attack of 71 million RPS.
According to Google, attacks still “continue to this day”. These attacks have been implemented on a large-scale basis and have the potential to cause mass disruption. However, companies have reportedly worked together, sharing intelligence and mitigation strategies. Google also noted its global load-balancing and DDoS mitigation infrastructure helped keep services up and running without disruption.
Cybercrime, such as DDoS attacks, can have damaging consequences. An attacker who successfully infiltrates a DDoS attack can prevent you from accessing important websites, such as banking and online merchants. While DDoS attacks themselves do not steal information, they can be used as a means to facilitate other cyber attacks. Hackers could potentially be testing for weaknesses, as well as using DDoS as a smokescreen for another attack. If you’re attempting to visit a website that’s facing a DDoS attack, either the service will be slow or you’ll be denied access. For businesses, this can cost valuable time and money and is especially damaging for small business owners.