Google on Friday revealed that a “state-sponsored” hacking group launched a series of DDoS attacks on its system in 2017. The attacks, which lasted over six months, peaked at 2.5Tbps in traffic, making it the largest cyber-attack recorded to date, the company added. At the moment, it is unclear which Google system was under threat; however, Google’s Threat Analysis Group (TAG) stated in a separate post that the DDoS was sourced out of several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394).
Explaining the DDoS, or distributed denial of service, attack, the company said that the hacker hopes to disrupt their victim’s service with a flood of useless traffic. While this attack doesn’t expose user data or lead to a compromise, it can result in an outage and loss of user trust if not “quickly mitigated.” Hackers also use different methods of channelling this attack and even give them “fancy names” such as Smurf, Tsunami, XMAS tree, HULK, Slowloris, cache bust, TCP amplification, and more. The attacker may not only target a user but may attack every IP in a network, Google added.
To protect servers from DDoS attacks, Google claimed that, given the data and observed trends, it could “extrapolate to determine the spare capacity needed to absorb the largest attacks likely to occur.” Its Cloud team further speculates that the number of DDoS attacks will increase in future as Internet usage surges. However, it gave assurance that such attacks can be absorbed, as the software giant recently deployed Google Cloud Armor integrated into the Cloud Load Balancing service. “We recently announced Cloud Armor Managed Protection, which enables users to further simplify their deployments, manage costs, and reduce overall DDoS and application security risk,” it said.
Earlier this year, Amazon Web Services (AWS) said that it had mitigated a DDoS attack clocked at 2.3Tbps, making it the largest DDoS attack at the time.