In June 2022, an unnamed Google Cloud Armor client suffered a DDoS attack over HTTPS that reached a rate of 46 million requests per second (request-per-second, RPS). To date, this is the largest DDoS attack of this type in history.
Let me remind you that the previous record in this area was recorded at the beginning of summer by Cloudflare specialists. At that time, an incident with a capacity of 26 million RPS was reported, behind which was a small but very dangerous Mantis botnet, consisting of only 5,000 devices.
According to Google experts now, on the morning of June 1 of this year, an attack began, initially targeting the HTTP / S load balancer of one of the clients, and at first its power was only 10,000 RPS.
Just eight minutes later, this attack increased to 100,000 RPS, triggering Google Cloud Armor Protection. Two minutes later, the attack peaked at 46 million requests per second. In total, the DDoS lasted 69 minutes.
To describe the scale of what happened, Google engineers write that this attack was equivalent to receiving all daily Wikipedia requests in just 10 seconds.
“We believe that the attacker probably decided that he did not achieve the desired effect, while incurring significant costs in carrying out the attack,” the company’s report reads.
Researchers believe that the Mēris botnet, already known from other high-profile incidents, was behind this attack. For example, last fall, he attacked the Yandex company, at that time setting a record for the power of DDoS attacks: 21.8 million RPS.
According to Google, the attack traffic originated from just 5,256 IP addresses scattered across 132 countries around the world and exploited HTTPS, which means that the devices that sent the requests have very impressive computing resources. Another distinguishing feature of this attack was the use of Tor exit nodes. Although 22% (1169) of the sources sent requests through the Tor network, they accounted for only about 3% of the total attack traffic.