Google reveals it absorbed a massive 2.5 Tbps DDoS attack in 2017, largest so far

Largest DDoS attack to date was carried out in 2017 against Google, company reveals
Google infrastructure absorbed a massive 2.54 Tbps DDoS attack in 2017.

Google reveals a previously unknown DDoS attack, the largest to date

The Google Cloud team published a blog article about exponential growth in DDoS attack volumes[1] on October 16th. The IT giant revealed a previously undisclosed DDoS attack that culminated in September 2017 and reached 2.5 Tbps. According to company representatives, the attack had no impact because the infrastructure absorbed it successfully. The source says that the attack was part of a 6-month campaign that leveraged several intervention mechanisms.

Although the cybercriminals targeted numerous company IP addresses in an effort to get past automated defense mechanisms, they failed to have any impact on Google’s functionality.

In a separate report[2] prepared by Shane Huntley from Google Threat Analysis Group and published on the same day, the attack is identified as “state-sponsored” and as “a record-breaking UDP amplification attack” that appeared to originate from Chinese ISPs, the Autonomous System Numbers being 4134, 4837, 58453, and 9394.

Damian Menscher, a Security Reliability Engineer for Google, has stated that they analyzed hundreds of large-scale attacks across three metrics (bits/second, packets/second, requests/second).

Largest known DDoS attacks to date, original image source: Google

The provided graphic shows an apparent exponential growth of DDoS attacks. The engineer says that the factor of exponential Internet growth must be taken into consideration as well; therefore, the growth was expected, although no less problematic.

The engineer also described the massive 2017 attack in detail. It appears that the attacker used numerous networks to spoof 167 Mpps (millions of packets per second) to exposed CLDAP, SMTP and DNS servers. These servers would then send their responses to Google’s systems.

The researcher described this as an example of how a well-resourced criminal can achieve large volumes. For example, the record-breaking 623 Gbps attack from the Mirai botnet, which took place in 2016, was four times smaller.

Additionally, it can be noted that the 2017 Google DDoS attack surpassed the 2.3 Tbps attack against Amazon’s AWS infrastructure in February 2020. That attack therefore loses its title as the largest DDoS attack to date, following Google’s official disclosure of the 2017 incident.
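From the defender's side, the reflection pattern described above (many servers answering toward one victim) can be spotted in flow data. The following is an added example, not code from Google or the original article: it aggregates constructed flow records per destination and reports bits/second and packets/second for traffic arriving from CLDAP and DNS source ports. The port map, thresholds, field layout and IP addresses are assumptions made for illustration.

```python
from collections import defaultdict

# UDP source ports of services that answer spoofed queries. CLDAP and DNS are
# named in the article; SMTP is TCP-based and is left out of this UDP-only check.
REFLECTOR_PORTS = {389: "CLDAP", 53: "DNS"}

# Constructed flow records for one 10-second window (documentation IP ranges):
# (src_ip, src_port, dst_ip, proto, packets, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.1", 389, "203.0.113.10", "udp", 1000, 1_500_000),
    ("198.51.100.2", 389, "203.0.113.10", "udp", 1000, 1_500_000),
    ("198.51.100.3", 389, "203.0.113.10", "udp", 1000, 1_500_000),
    ("198.51.100.4", 389, "203.0.113.10", "udp", 1000, 1_500_000),
    ("192.0.2.7", 53, "203.0.113.10", "udp", 500, 600_000),
    ("192.0.2.53", 53, "203.0.113.20", "udp", 20, 3_000),      # ordinary DNS reply
    ("192.0.2.80", 443, "203.0.113.10", "tcp", 300, 400_000),  # unrelated TCP
]


def detect_reflection(flows, window_s, min_sources=3, min_bps=1_000_000):
    """Return one alert per destination that receives high-volume UDP traffic
    from many distinct reflector-port sources. Thresholds are assumptions."""
    stats = defaultdict(lambda: {"srcs": set(), "svcs": set(), "pkts": 0, "bytes": 0})
    for src, sport, dst, proto, pkts, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue  # only responses coming *from* a reflector service port
        s = stats[dst]
        s["srcs"].add(src)
        s["svcs"].add(REFLECTOR_PORTS[sport])
        s["pkts"] += pkts
        s["bytes"] += nbytes

    alerts = []
    for dst, s in stats.items():
        bps = s["bytes"] * 8 / window_s   # bits/second
        pps = s["pkts"] / window_s        # packets/second
        if len(s["srcs"]) >= min_sources and bps >= min_bps:
            alerts.append({"dst": dst, "sources": len(s["srcs"]),
                           "services": sorted(s["svcs"]), "bps": bps, "pps": pps})
    return sorted(alerts, key=lambda a: a["bps"], reverse=True)


if __name__ == "__main__":
    for alert in detect_reflection(SAMPLE_FLOWS, window_s=10):
        print(alert)
```

A host that legitimately receives many DNS answers, such as a recursive resolver, would need its own baseline before these thresholds are applied to it.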

References

^1 Exponential growth in DDoS attack volumes. Google blog. The official Google blog.
^2 Shane Huntley Threat Analysis Group. Google blog. The official Google blog.
