Google shares more details on some of the biggest DDoS attacks ever recorded

Google's Threat Analysis Group has revealed that state-sponsored hackers launched the largest ever recorded distributed denial-of-service (DDoS) attack against the company back in 2017.

The attack was launched by a Chinese Advanced Persistent Threat (APT) group, often referred to as APT31, and it lasted for more than six months, reaching a peak of 2.5 Tbps in traffic.

According to a new blog post from Shane Huntley, the director of Google's Threat Analysis Group, the company's Security Reliability Engineering team measured a record-breaking UDP amplification attack that originated from four Chinese Internet Service Providers (ISPs). Huntley provided further insight into the use of DDoS attacks by state-sponsored hackers in his post, saying:

“While it’s less common to see DDoS attacks rather than phishing or hacking campaigns coming from government-backed threat groups, we’ve seen bigger players increase their capabilities in launching large-scale attacks in recent years.”

Growing DDoS attacks

While other cyberattacks are designed to steal user data from companies, DDoS attacks aim to disrupt an organization's service with a flood of useless traffic. If these attacks aren't mitigated in a timely fashion, they can result in a loss of user trust, which can hurt a business's reputation as well as its bottom line.

Organizations defending against DDoS attacks must consider every possible target of an attack, from the network layer, including routers, switches and link capacity, to the application layer, which includes web, DNS and mail servers. However, some attacks don't focus on a single target and instead attack every IP in a network.

To better understand trends in DDoS attack volumes, Google groups volumetric attacks by three metrics: network bits per second (bps) for attacks targeting network links, network packets per second (pps) for attacks targeting network equipment or DNS servers, and HTTP(S) requests per second (rps) for attacks targeting application servers. This allows the company to focus on ensuring each system has sufficient capacity to withstand attacks.
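The grouping above can be applied to capacity planning, as in this added example (not Google's code or anything from the blog post). It shows why the three metrics are tracked separately: a flood can be small in bits per second yet saturate packet-processing capacity. The capacity figures, the 80% threshold and the traffic samples are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Which layer each volumetric metric stresses, per the grouping described above.
TARGET = {
    "bps": "network links",
    "pps": "network equipment or DNS servers",
    "rps": "application servers",
}

@dataclass
class Sample:
    """One second of traffic counters (constructed sample data)."""
    bytes_in: int
    packets_in: int
    http_requests: int

def peak_rates(samples):
    """Return the peak bps, pps and rps seen across one-second samples."""
    return {
        "bps": max(s.bytes_in * 8 for s in samples),
        "pps": max(s.packets_in for s in samples),
        "rps": max(s.http_requests for s in samples),
    }

def stressed_layers(samples, capacity, threshold=0.8):
    """List (metric, target, utilisation) at or above threshold, worst first."""
    peaks = peak_rates(samples)
    util = {m: peaks[m] / capacity[m] for m in peaks}
    hits = [(m, TARGET[m], round(u, 2)) for m, u in util.items() if u >= threshold]
    return sorted(hits, key=lambda h: h[2], reverse=True)

# Hypothetical provisioned capacity: 10 Gbps link, 2 Mpps router, 50k rps web tier.
CAPACITY = {"bps": 10_000_000_000, "pps": 2_000_000, "rps": 50_000}

# Constructed samples: a small-packet flood (high pps, modest bps) ...
SMALL_PACKET_FLOOD = [Sample(96_000_000, 1_500_000, 900),
                      Sample(121_600_000, 1_900_000, 1_100)]
# ... and a large-packet flood of the kind amplification produces (high bps).
LARGE_PACKET_FLOOD = [Sample(1_200_000_000, 850_000, 1_000),
                      Sample(1_400_000_000, 1_000_000, 1_000)]

if __name__ == "__main__":
    for name, data in [("small-packet", SMALL_PACKET_FLOOD),
                       ("large-packet", LARGE_PACKET_FLOOD)]:
        print(name, stressed_layers(data, CAPACITY))
```

The small-packet flood uses under 10% of the link but 95% of the router's packet budget, so a bps-only dashboard would miss it.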

In addition to the DDoS attack recorded by Google in 2017, the company has also shared more details on some of the biggest DDoS attacks ever recorded. These include a 690 Mbps attack generated by an IoT botnet earlier this year as well as a network man-in-the-middle (MitM) attack from 2014 that flooded YouTube with requests, peaking at 2.7 million requests per second (Mrps).

The 2.5 Tbps attack Google experienced in 2017 didn't cause any impact as the company reported thousands of vulnerable servers to their network providers and worked with them to trace the source of spoofed packets so they could be filtered.

Google believes that we need to work together for collective security in order to reduce the impact of DDoS attacks. To do so, individual users must ensure their devices are patched and secured while businesses should report criminal activity, ask network providers to trace the sources of spoofed attack traffic and share information on attacks with the internet community.