Subj : Google says it blocked the largest DDoS attack ever detected
To   : All
From : TechnologyDaily
Date : Wed Oct 11 2023 13:15:04

Google says it blocked the largest DDoS attack ever detected

Date:
Wed, 11 Oct 2023 12:03:53 +0000

Description:
It's more than seven times larger than the previous DDoS record-holder, 
peaking at almost 400 million rps.

FULL STORY
======================================================================

Google says has stopped the largest Distributed Denial of Service ( DDoS ) 
attack ever, and together with industry peers, discovered the vulnerability 
that made the attack possible in the first place. 

In a blog post outlining its work, Google says the blocked attack was 7.5 
times larger than the largest-ever recorded DDoS incident.This latest 
record-setter peaked at 398 million requests per second (rps), up from 46 
million rps which was the previous record, established last year. 

The most recent wave of attacks started in late August and continues to this 
day, targeting major infrastructure providers including Google services, 
Google Cloud infrastructure, and our customers, Google noted. Rapid reset 

To make such a mighty attack possible, the unnamed threat actors deployed a 
novel HTTP/2 technique dubbed "Rapid Reset" based on stream multiplexing, 
Google explained. Stream multiplexing is a feature of the widely-adopted 
HTTP/2 protocol, the company said, adding that the technical details can be 
found on this link . 

Soon after detecting the attack, Google introduced additional mitigation 
strategies and reached out to its industry peers (cloud providers, and 
similar) who also use the HTTP/2 protocol stack. We shared intelligence about 
the attack and mitigation methodologies in real-time as the attacks were 
underway, Google said. 

Together, they identified a vulnerability in the protocol stack tracked as 
CVE-2023-44487, a high-severity flaw with a CVSS score of 7.5/10. 

Businesses should investigate if their servers running HTTP/2 are not 
vulnerable, Google says, or in case they are - apply the patch. If you are 
managing or operating your own HTTP/2-capable server (open source or 
commercial) you should immediately apply a patch from the relevant vendor 
when available, the company concluded. 

DDoS attacks are a common tactic among cybercriminals, in which they disrupt 
internet-facing websites and services. More from TechRadar Pro Thousands of 
corporate logins have been taken by info-stealing malware Here's a list of 
the best firewalls today These are the best endpoint protection services 
right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/google-says-it-blocked-the-largest-ddos
-attack-ever-detected


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.