Google and Amazon are targets of hacker attack – 10/12/2023 – Tech

Internet companies Google, Amazon and Cloudflare said they had withstood the biggest hacker attack to disrupt their services and warned about a new technique that could easily cause a widespread outage.

Google said in a blog post published on Tuesday that its cloud services had prevented an avalanche of malicious traffic more than seven times larger than the previous record attack foiled last year.

Amazon’s web services division also confirmed it had been hit by “a new type of DDoS (distributed denial of service) event.” Internet protection company Cloudflare reported that the attack was “three times larger than any previous attack ever observed.”

The three companies said the attack began in late August. According to Google, the attack is still ongoing.

Denial of service is one of the most basic forms of web attacks and works by simply overwhelming target servers with a barrage of fake data requests, making it impossible for legitimate web traffic to proceed.

As the online world has developed, so has the power of denial-of-service operations, some of which can generate millions of false requests per second. Recent attacks measured by Google, Cloudflare and Amazon were capable of generating hundreds of millions of requests per second.

Google said in its blog post that just two minutes of one of these attacks “generated more requests than the total number of article views reported by Wikipedia for the entire month of September 2023.” Cloudflare assessed that the attack was of a magnitude that “has never been seen before”.

The three companies reported that the large-scale attacks were made possible by a vulnerability in HTTP/2 – a newer version of the HTTP networking protocol that underpins the World Wide Web – that makes servers particularly vulnerable to malicious requests.

The companies recommended other companies update their web servers to ensure they do not remain vulnerable.

None of the three companies said who was responsible for the denial-of-service attacks, which have historically been difficult to identify.

If targeted intelligently and without due countermeasures, such attacks can lead to widespread disruption. In 2016, an attack attributed to the “Mirai” network of hijacked devices hit the Dyn domain name service, disrupting a number of websites.

The U.S. government’s cybersecurity agency, CISA, did not immediately return a message seeking comment.