Breach, Cloud Security

Google, Amazon Face Massive Denial-of-Service Attack

An email sent out to the social media management platform's users addressed the attack.

Google and Amazon have released details about a widespread distributed denial-of-service (DDoS) attack that the companies faced starting in August 2023, Reuters reported.  

Along with Google and Amazon, web performance and security company Cloudflare was targeted during the attack and called it the "largest attack in internet history."

How Google's DDoS Response Team Has Dealt with the Attack

In August 2023, Google's DDoS Response Team stopped a DDoS attack that was 7.5 times larger than the largest one on record dating back to August 2022, according to a Google Cloud blog post. DDoS Response Team members noted that cybercriminals used new techniques in their attempt to disrupt websites and internet services during the attack.

The DDoS attack against Google peaked at 398 million requests per second, the company indicated. During the attack, cybercriminals used an HTTP/2 "Rapid Reset" technique in which they generated more website requests than the total number of article views reported by Wikipedia during the entire month of September 2023.

Google utilized its global load-balancing and DDoS mitigation infrastructure to keep its services running during the DDoS attack, the company noted. It has worked with Amazon, Cloudflare and other industry partners to understand the attack and mitigate it. However, the DDoS attack remains ongoing for Google, according to Reuters.

Amazon Web Services (AWS) Detects Spike in HTTP/2 Requests to Amazon CloudFront

Between August 28-29, 2023, AWS CloudFront peaked at over 155 million requests per second, Amazon wrote in a blog post. At this time, AWS discovered that CloudFront had automatically mitigated a Rapid Reset attack.

In the days that followed, AWS observed and mitigated over a dozen Rapid Reset attacks, the company stated. These continued throughout September.

AWS customers with DDoS-resilient architecture were able to keep their apps running in spite of the DDoS attack, the company stated.

Meanwhile, AWS "remains vigilant… to help prevent security issues from causing disruption," the company noted.

How an HTTP/2 Rapid Reset Attack Works

With HTTP/2, users can "request" to view images, text and other items on a website, Cloudflare stated. In a Rapid Reset attack, a cybercriminal will submit thousands of "requests" and immediately cancel them. From here, the criminal will automate a "request, cancel, request, cancel" pattern to overwhelm a website and knock it offline.

MSSPs can provide security services to safeguard organizations against Rapid Reset and other types of DDoS attacks. They can also teach their customers about the dangers of DDoS attacks and other cyber threats and help them find the best ways to improve their security posture.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.