Google Reveals it Was Hit by 2.5Tbps DDoS
Chris Lunn • January 6, 2021
Google has revealed a nation state DDoS campaign against it originating from China, which may have been the biggest attack of its kind ever recorded.
The 2.5Tbps DDoS struck in September 2017 but was made public for the first time on Friday in a report designed to share best practices on cyber-defense and plug Google Cloud mitigations.
According to Google security reliability engineer, Damian Menscher, the attack topped a six-month campaign against the firm.
“Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact. The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us,” he explained.
“This demonstrates the volumes a well-resourced attacker can achieve: this was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier. It remains the highest-bandwidth attack reported to date, leading to reduced confidence in the extrapolation.”
A separate report on the same day from Shane Huntley of Google’s Threat Analysis Group revealed that this was a state-sponsored UDP amplification attack “sourced out of several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394).”
“Addressing state-sponsored DDoS attacks requires a coordinated response from the internet community, and we work with others to identify and dismantle infrastructure used to conduct attacks,” he added.
Menscher also argued that collaboration and transparency is important to help reduce the opportunities for such attackers.
For example, Google reported thousands of servers exploited in the DDoS attack to their network providers, so that they could take action.
Neustar last month claimed to have neutralized the largest DDoS it has ever encountered, at just under 1.2Tbps — less than half the size of the attack on Google.
Join Our Mailing List
All sign-ups are handled inline with our privacy policy and can unsubscribe at any time.
Recent Blogs
In a world where AI is changing how we work and compete, security is more important than ever. We are gathering industry leaders and AI experts for a special roundtable event. This event will focus on a key topic: AI security.
Microsoft 365 Business Basic offers a range of cloud-based services designed to empower businesses to work smarter and more efficiently. Let's delve into what this package includes and how it can benefit your organisation.
We’re excited to announce an informative webinar featuring Elliot Wilkie from Brigantia and Craig Atkins from 1-Fix, diving deep into the world of DMARC on 8th July at 2 PM . This is an essential session for anyone looking to secure their email communications, understand DMARC compliance, and enhance their email deliverability.
Businesses are constantly seeking ways to enhance productivity, collaboration, and security, all whilst managing costs effectively. Microsoft Office 365 presents a comprehensive solution that caters to these needs. Here’s a breakdown of the seven key benefits of using Office 365 for your business.
In recent news from Microsoft, there’s significant information affecting charity organisations that rely on Microsoft 365 for their everyday operations. Microsoft has announced that it will be discontinuing the Microsoft 365 Business Premium grant, which currently provides 10 free licenses to nonprofits, with termination slated for March 8, 2026 . Therefore, charities currently benefitting from this grant must prepare for upcoming changes.
Staying efficient and connected has never been more important for businesses. With the increasing demand for remote work solutions and collaborative tools, migrating to Microsoft Office 365 is becoming an essential strategy. In this blog post, we’ll explore the many benefits of Office 365 migration, how 1-Fix can assist you in the process, and how swift and seamless this transition can be.
