Internet companies report biggest-ever denial of service operation

Published Thu, Oct 12, 2023 · 08:11 AM

Alphabet Inc-owned Google said in a blog post published on Tuesday that its cloud services had parried an avalanche of rogue traffic more than seven times the size of the previous record-breaking attack thwarted last year. PHOTO: ST FILE

INTERNET companies Google, Amazon and Cloudflare say they have weathered the internet’s largest-known denial of service attack and are sounding the alarm over a new technique they warn could easily cause widespread disruption.

Alphabet Inc-owned Google said in a blog post published on Tuesday that its cloud services had parried an avalanche of rogue traffic more than seven times the size of the previous record-breaking attack thwarted last year.

Internet protection company Cloudflare Inc said the attack was “three times larger than any previous attack we’ve observed.” Amazon.com Inc’s web services division also confirmed being hit by “a new type of distributed denial of service (DDoS) event.”

All three said the attack began in late August; Google said it was ongoing.

Denial of service is among the web’s most basic form of attack and it works by simply overwhelming targeted servers with a firehose of bogus requests for data, making it impossible for legitimate web traffic to get through.

As the online world has developed, so too has the power of denial of service operations, some of which can generate millions of bogus requests per second.

DECODING ASIA

Navigate Asia in
a new global order

Get the insights delivered to your inbox.

The recent attacks measured by Google, Cloudflare and Amazon were capable of generating hundreds of millions of request per second.

Google said in its blog post that only two minutes of one such attack “generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.” Cloudflare said the attack was of a magnitude that “has never been seen before.”

All three companies said the supersized attacks were enabled by a weakness in HTTP/2 - a newer version of the HTTP network protocol that underpins the World Wide Web - that makes servers particularly vulnerable to rogue requests.

Banking against malware-related scams

Smoke rises over Gaza City after an Israeli airstrike on Oct 9, 2023. Since Hamas launched a deadly cross-border attack into Israel over the weekend, violent videos and graphic images have flooded social media; many of the posts have been seeded by Hamas to inspire terror and take advantage of the lack of content moderation on some social media sites.

EU warns Musk X spreading ‘illegal’ disinformation after Hamas attack

Micro-retailers mostly find electronic payments to be convenient: fast, simple, and with the funds going directly into their accounts.

Heartland businesses go cashless, but teething problems remain

Apple’s compliance status could affect the accessibility of hundreds of thousands of apps on its App Store in China.

Apple enforces new check on apps in China as Beijing tightens oversight

The firms urged companies to update their web servers to ensure that they do not remain vulnerable.

None of the three companies said who was responsible for the denial of service attacks, which have historically been difficult to pin down.

If cleverly aimed and not successfully countered, such attacks can lead to widespread disruption. In 2016, an attack attributed to the “Mirai” network of hijacked devices hit domain name service Dyn, disrupting a swathe of high profile websites.

The US government’s cybersecurity watchdog, CISA, did not immediately return a message seeking comment. REUTERS

Decoding Asia newsletter: your guide to navigating Asia in a new global order. Sign up here to get Decoding Asia newsletter. Delivered to your inbox. Free.

Internet Cybersecurity Alphabet (Google)

Share with us your feedback on BT's products and services

Feedback