Happy Cybersecurity Awareness Month! What are DDoS attacks?
Did you know October has been Cybersecurity Awareness Month since 2004? Today's news is a DDoS attack mitigated by Cloudflare that is the largest ever publicly disclosed. Google faced a massive DDoS (Distributed Denial of Service) attack this time last year, and a large attack knocked Microsoft 365 offline earlier this year.
Google and Cloudflare both mitigated their attacks successfully, but they faced very different types of threats.
What Are DDoS Attacks?
A DDoS attack happens when a network, server or application is overwhelmed by a flood of malicious traffic sent from many sources at once (the "distributed" part, usually a botnet of compromised machines). The goal is not to break in but to make the service unavailable to its real users. Imagine a crowd of people trying to push through a single doorway simultaneously: no one can get in, and everything gets stuck.
Types of DDoS Attacks
DDoS attacks generally fall into three categories. Each has a different goal and method of disruption, but all aim to take systems offline and prevent normal operations.
Volumetric Attack - sending thousands of fake customers into a store, leaving no room for real shoppers to enter.
Protocol Attack - reserving all the tables at a restaurant, but never showing up, so no one else can get a seat.
Resource-layer Attack - bombarding a cashier with nonsensical questions, so they can't help real customers.
Type of Attack | Description | Example |
--- | --- | --- |
Volumetric Attack | Saturates the target's bandwidth or packet-processing capacity with sheer traffic volume, measured in bits or packets per second. The traffic often looks legitimate packet by packet. | DNS Amplification: Sends small queries to open resolvers with the victim's spoofed source address, so the much larger responses flood the target. |
Protocol Attack | Exploits weaknesses in network or transport protocols (Layer 3/4) to consume connection state on servers, firewalls and load balancers. | SYN Flood: Sends TCP SYN packets without ever completing the handshake, filling the half-open connection table. |
Resource-Layer Attack | Targets the application layer (Layer 7), exhausting the CPU, memory, worker threads or database connections a service needs to answer requests. Needs far less bandwidth than a volumetric flood because each request is cheap to send and expensive to serve. | HTTP Flood: Sends a high rate of well-formed requests, often to expensive endpoints such as search or login. |
Google’s Layer 7 DDoS Attack: The Rapid Reset Trick
The attack on Google was a Layer 7 DDoS, aimed at HTTP services directly. The attackers abused a feature of the HTTP/2 protocol, stream cancellation, in a technique now called "Rapid Reset".
How it works: HTTP/2 multiplexes many request streams over a single TCP connection, and the server caps how many may be open at once (SETTINGS_MAX_CONCURRENT_STREAMS). The attacker sends a request (a HEADERS frame) and immediately cancels it (RST_STREAM). The cancelled stream no longer counts toward the cap, but the server has already started work on it, so one connection can force far more work than the cap was meant to allow. It is like handing someone a task and snatching it back the instant they start, thousands of times a second. Google measured the peak at a record-breaking 398 million requests per second.
Vulnerability: The technique was assigned CVE-2023-44487. Because the weakness lies in how HTTP/2 implementations account for cancelled streams rather than in one vendor's code, mitigating it required coordinated disclosure and patches across web servers, proxies and CDNs.
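To make the mechanism concrete, here is an added example written for this post (not Google's code and not any real HTTP/2 library): it encodes raw HTTP/2 HEADERS and RST_STREAM frames, builds a constructed Rapid Reset burst, and runs it through a toy server-side connection guard. The guard shows why SETTINGS_MAX_CONCURRENT_STREAMS alone does not help (a cancelled stream stops counting as open) and adds the cancel-rate counter that shipped mitigations use. The class and function names, the one-byte HPACK payload and the thresholds are assumptions chosen for illustration.

```python
import struct

# HTTP/2 frame types, flags and error code used here (RFC 9113 values)
HEADERS, RST_STREAM = 0x1, 0x3
FLAG_END_STREAM, FLAG_END_HEADERS = 0x1, 0x4
ERR_CANCEL = 0x8


def encode_frame(ftype, flags, stream_id, payload=b""):
    """Serialize one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    header = (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
              + struct.pack("!I", stream_id & 0x7FFFFFFF))
    return header + payload


def decode_frames(data):
    """Split a byte string into (type, flags, stream_id, payload) tuples."""
    frames, off = [], 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack("!I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame")
        frames.append((ftype, flags, stream_id, payload))
        off += 9 + length
    return frames


def rapid_reset_burst(n, reset=True):
    """Constructed client traffic: n streams on odd ids, each HEADERS frame
    immediately followed by RST_STREAM(CANCEL) when reset=True.
    Payload 0x82 is the HPACK static-table entry for ':method: GET' (assumed)."""
    out = bytearray()
    for i in range(n):
        sid = 2 * i + 1
        out += encode_frame(HEADERS, FLAG_END_HEADERS | FLAG_END_STREAM, sid, b"\x82")
        if reset:
            out += encode_frame(RST_STREAM, 0, sid, struct.pack("!I", ERR_CANCEL))
    return bytes(out)


class ConnectionGuard:
    """Toy server-side accounting for one HTTP/2 connection (illustrative, not a real server).

    The spec-level defence is SETTINGS_MAX_CONCURRENT_STREAMS: refuse a new stream
    when too many are open. Rapid Reset defeats it because a cancelled stream no
    longer counts as open. The extra counter (cancels per streams opened) is the
    shape of the mitigation vendors shipped; the thresholds are assumed values.
    """

    def __init__(self, max_concurrent=100, min_streams=20, max_cancel_ratio=0.5):
        self.max_concurrent = max_concurrent
        self.min_streams = min_streams
        self.max_cancel_ratio = max_cancel_ratio
        self.open = set()
        self.opened = 0
        self.cancelled = 0

    def feed(self, data):
        """Return 'OK', 'REFUSED_STREAM' (spec limit hit) or 'GOAWAY' (reset abuse)."""
        for ftype, _flags, sid, _payload in decode_frames(data):
            if ftype == HEADERS:
                if len(self.open) >= self.max_concurrent:
                    return "REFUSED_STREAM"
                self.open.add(sid)
                self.opened += 1
            elif ftype == RST_STREAM and sid in self.open:
                self.open.discard(sid)  # slot freed at once: this is what the attacker relies on
                self.cancelled += 1
            if (self.opened >= self.min_streams
                    and self.cancelled / self.opened > self.max_cancel_ratio):
                return "GOAWAY"
        return "OK"


if __name__ == "__main__":
    print("rapid reset burst  ->", ConnectionGuard().feed(rapid_reset_burst(1000)))
    print("no resets, 1000    ->", ConnectionGuard().feed(rapid_reset_burst(1000, reset=False)))
    print("normal, 50 streams ->", ConnectionGuard().feed(rapid_reset_burst(50, reset=False)))
```

Feeding the burst without resets trips the concurrency cap after 100 streams, which is the behaviour the protocol designers expected; with resets the cap never trips, and only the cancel-ratio check stops the connection.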
Cloudflare’s Layer 3/4 Attack: Flooding the Network
Cloudflare mitigated a different type of DDoS attack, one that flooded the network in front of its customers with an enormous volume of data, peaking at 3.8 Tbps. This kind of attack aims to fill the pipes of the internet so that no room is left for real traffic.
How it works: Think of filling a highway with so many cars that nothing moves. The traffic was mostly UDP packet floods from compromised routers and other internet-connected devices. Instead of targeting a specific server or application, the attackers aimed at the network and transport layers (Layer 3/4), trying to saturate links and packet-processing capacity so that everything behind them became unreachable.
Impact: This attack exploited no specific vulnerability. It was all about sending huge amounts of data as quickly as possible, overwhelming network capacity, which is why it is measured in bits and packets per second rather than requests.
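Defending against a Layer 3/4 flood starts with seeing it in the numbers, so here is an added example (written for this post; not Cloudflare's code) in Python that aggregates flow records per destination and time window, flags destinations over a bits-per-second or packets-per-second threshold, and names the vector from what the flow fields show. It covers the two table examples above, DNS amplification and SYN flood, as well as plain UDP floods. The flow records, field layout, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records for this example (not real telemetry), one per line:
# epoch_s proto src_ip src_port dst_ip dst_port tcp_flags packets bytes
SAMPLE_FLOWS = """\
1700000000 UDP 198.51.100.7 53 203.0.113.10 40001 - 300000 420000000
1700000000 UDP 198.51.100.8 53 203.0.113.10 40001 - 300000 420000000
1700000000 UDP 198.51.100.9 53 203.0.113.10 40001 - 300000 420000000
1700000000 TCP 192.0.2.11 51234 203.0.113.20 443 S 2000000 120000000
1700000000 TCP 192.0.2.12 51235 203.0.113.20 443 S 2000000 120000000
1700000000 TCP 192.0.2.13 51236 203.0.113.20 443 S 2000000 120000000
1700000000 TCP 192.0.2.50 52000 203.0.113.30 443 AP 2000 2400000
1700000001 TCP 192.0.2.50 52000 203.0.113.30 443 AP 1800 2100000
"""

# Source ports of services commonly abused as reflectors/amplifiers.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 1900: "ssdp", 11211: "memcached"}


def parse_flows(text):
    """Parse the whitespace-separated record format documented above."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proto, src, sport, dst, dport, flags, pkts, byts = line.split()
        flows.append({"ts": int(ts), "proto": proto, "src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport), "flags": flags,
                      "packets": int(pkts), "bytes": int(byts)})
    return flows


def classify_vector(bucket):
    """Name the vector carrying the most bytes toward this destination."""
    (proto, sport, flags), _ = max(bucket["by_vector"].items(), key=lambda kv: kv[1])
    if proto == "UDP" and sport in REFLECTOR_PORTS:
        return f"{REFLECTOR_PORTS[sport]}-amplification"   # responses from reflectors
    if proto == "TCP" and flags == "S":
        return "syn-flood"                                 # handshakes never completed
    return f"{proto.lower()}-flood"


def detect(text, bps_threshold=1e9, pps_threshold=1e6, window=1):
    """Aggregate flows per (destination, window) and flag volumetric floods.

    Thresholds are assumed example values; real ones depend on link capacity."""
    buckets = defaultdict(lambda: {"bytes": 0, "packets": 0, "sources": set(),
                                   "by_vector": defaultdict(int)})
    for f in parse_flows(text):
        b = buckets[(f["dst"], f["ts"] - f["ts"] % window)]
        b["bytes"] += f["bytes"]
        b["packets"] += f["packets"]
        b["sources"].add(f["src"])
        # Ephemeral source ports are collapsed to 0 so a SYN flood from many
        # ports aggregates; reflector ports are kept so amplification stands out.
        sport = f["sport"] if f["sport"] in REFLECTOR_PORTS else 0
        b["by_vector"][(f["proto"], sport, f["flags"])] += f["bytes"]

    alerts = []
    for (dst, ts), b in sorted(buckets.items()):
        bps = b["bytes"] * 8 / window
        pps = b["packets"] / window
        if bps >= bps_threshold or pps >= pps_threshold:
            alerts.append({"dst": dst, "ts": ts,
                           "gbps": round(bps / 1e9, 2), "mpps": round(pps / 1e6, 2),
                           "sources": len(b["sources"]), "vector": classify_vector(b)})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

The two flagged destinations show why both metrics matter: the DNS amplification flood is heavy in bits (large response packets) but modest in packets, while the SYN flood is light in bits but extreme in packets per second, which is what exhausts state tables and packet-processing capacity.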
Key Differences
To see how different these two events were, let's compare the attacks on Google and Cloudflare side by side. Here are the main differences:
Aspect | Google DDoS Attack | Cloudflare DDoS Attack |
--- | --- | --- |
Layer of Attack | Application Layer (Layer 7) | Network/Transport Layer (Layer 3/4) |
Technique Used | HTTP/2 Rapid Reset (abuse of stream cancellation) | Hyper-volumetric flood, overwhelming bandwidth and packet processing |
Metric Tracked | Requests per second (398 million rps) | Data throughput (3.8 terabits per second, Tbps) |
Vulnerability | CVE-2023-44487 (industry-wide weakness in HTTP/2 implementations) | None; raw traffic volume with no specific vulnerability |
Focus | Exhausting server CPU and worker capacity with requests that are cancelled before they are answered | Saturating network capacity so legitimate traffic cannot get through |
What This Means for Your Business
These attacks show how critical it is to have the right defense in place before the attack. The bad guys are creative, practical, and persistent. We need to do the same.
Has Multi Factor Authentication (MFA) been deployed?
When's the last time you conducted a security audit of your Google Workspace admin console?
What's your Microsoft 365 Security score?
Are you leveraging the security features available with popular services like Dropbox and Zoom?
How Can LeewardCloud Help?
We offer expert support in securing your cloud infrastructure against threats. Contact us today to discuss how we can safeguard your systems for free!