Google Cloud Blocks Record DDoS attack of 46 Million Requests Per Second

Google’s cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service (DDoS) attacks which peaked at 46 million requests per second (RPS), making it the largest such recorded to date.

The attack, which occurred on June 1, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this June.

“To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds,” Google Cloud’s Emil Kiner and Satya Konduru said.

It’s said to have started around 9:45 a.m. PT with 10,000 RPS, before growing to 100,000 RPS eight minutes later and further ramping up within two minutes to hit a high of 46 million RPS at 10:18 a.m. PT. In all, the DDoS assault lasted for a total of 69 minutes.

Google said that the unexpectedly high volume of traffic originated from 5,256 IP addresses located in 132 countries, with Brazil, India, Russia, and Indonesia alone accounting for 31% of all the attack requests.

22% of the IP addresses (1,169) corresponded to TOR exit nodes, but were responsible for just 3% of the attack traffic.

“The attack leveraged encrypted requests (HTTPS) which would have taken added computing resources to generate,” the company noted. “The geographic distribution and types of unsecured services leveraged to generate the attack matches the Mēris family of attacks.”

In September 2021, the Mēris botnet was linked to a DDoS attack on Russian internet giant Yandex that peaked at 21.8 million RPS. Parts of the botnet’s infrastructure were sinkholed in late September 2021.