The cybersecurity threats such as distributed denial-of-service (DDoS) are growing exponentially, disrupting businesses of all sizes globally, leading to outages and loss of user trust, Google has said.
The tech giant revealed that its infrastructure absorbed a massive 2.5Tbps DDoS in September 2017, the highest-bandwidth attack reported to date which was the culmination of a six-month campaign that utilised multiple methods of attack.
“Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defences, the attack had no impact,” Google said in a statement.
The attacker used several networks to spoof 167 Mbps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to Google.
“This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier. It remains the highest-bandwidth attack reported to date, leading to reduced confidence in the extrapolation,” the company informed.
With a DDoS attack, an adversary hopes to disrupt their victim’s service with a flood of useless traffic.
While this attack doesn’t expose user data and doesn’t lead to a compromise, it can result in an outage and loss of user trust if not quickly mitigated.
Attackers are constantly developing new techniques to disrupt systems.
“Some attacks may not even focus on a specific target, but instead attack every IP in a network. Multiplying the dozens of attack types by the diversity of infrastructure that must be defended leads to endless possibilities,” Google said.
The company said the main task is to determine the capacity needed to withstand the largest DDoS attacks for each key metric.
“While we can estimate the expected size of future attacks, we need to be prepared for the unexpected, and thus we over-provision our defences accordingly”.
The company recently announced ‘Cloud Armor Managed Protection’ which enables users to further simplify their deployments, manage costs, and reduce overall DDoS and application security risk.
Google said it is working with others in the internet community to identify and dismantle infrastructure used to conduct attacks.