Google says it was the target of a massive 2.5 Tbps DDoS attack in September 2017, the highest-bandwidth attack ever reported.
In a blog post exploring the growth of distributed denial-of-service (DDoS) attacks, Google revealed that it was the target of a six-month campaign that utilized multiple methods of attack.
“Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact,” wrote Damian Menscher, a Google security reliability engineer, in the blog.
“The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve.”
According to Menscher, that attack was four times larger than the “record-breaking 623 Gbps attack from the Mirai botnet” last year, and is also the highest-bandwidth attack reported to date.
In a separate post, the company said its security team measured the attack, which appears to have come from several Chinese ISPs.
The attack is even larger than a 2.3 Tbps DDoS attack on Amazon in February, which was then thought to be the largest such cyberattack ever recorded. Amazon didn’t identify the targeted customer.
The Amazon attack caused three days of elevated threat during a single week in February, according to Amazon.
Google’s disclosure comes as the company is warning IT teams – particularly those close to political groups and elections – that cyber attacks are increasing as global events like the COVID-19 pandemic and campaign season present golden opportunities for state actors and hackers.
Google in June announced it detected phishing attacks against staffers for both the Biden and Trump campaigns by Chinese and Iranian actors. Attackers used targeted malware campaigns, Python-based implants using Dropbox and an impersonation of antivirus software McAfee.
“Overall, we’ve seen increased attention on the threats posed by APTs in the context of the U.S. election,” wrote Shane Huntley of Google’s Threat Analysis Group, in a blog post.
“U.S. government agencies have warned about different threat actors, and we’ve worked closely with those agencies and others in the tech industry to share leads and intelligence about what we’re seeing across the ecosystem. This has resulted in action on our platforms, as well as others. Shortly after the U.S. Treasury sanctioned Ukrainian Parliament member Andrii Derkach for attempting to influence the U.S. electoral process, we removed 14 Google accounts that were linked to him.”