Google Shares More Details About Some Of The Biggest DDoS Attacks On Record

Google's Threat Analysis Group revealed that state-sponsored hackers launched the largest distributed denial-of-service (DDoS) attack against the company in 2017. The attack was launched by a Chinese Advanced Persistent Threat (APT) group, often referred to as APT31, and lasted for over six months, during which time it peaked at 2.5 Tbps of traffic. According to a new blog post from Google's Threat Analysis Group director Shane Huntley, the company's security reliability engineering team measured an unprecedented UDP amplification attack originating from four Chinese Internet service providers (ISPs).

Huntley provided more information on the use of DDoS attacks by state-sponsored hackers in his article, saying: “Although it is less common to see DDoS attacks than phishing or hacking campaigns by government-backed threat groups, we have seen larger players increase their capabilities to launch large-scale attacks in recent years.”

Increasing DDoS attacks

While other cyberattacks are designed to steal user data from companies, DDoS attacks aim to disrupt an organization's service by flooding it with unnecessary traffic. If these attacks are not mitigated in a timely manner, they can lead to a loss of user trust, which can damage a company's reputation and bottom line.

Organizations defending against DDoS attacks must consider every potential target, from the network layer (routers, switches and link capacity) to the application layer (web servers, DNS and mail). Some attacks, however, do not focus on a single target but hit all IP addresses on a network.

To better understand trends in DDoS attack volumes, Google groups volumetric attacks by network bits per second (bps) for attacks targeting network links, network packets per second for attacks targeting network equipment or DNS servers, and HTTP(S) requests per second (rps) for attacks targeting application servers. This allows the business to focus on ensuring that each system is strong enough to withstand attacks.

In addition to the DDoS attack recorded by Google in 2017, the company also shared more details about some of the largest DDoS attacks on record. These include a 690 Mbps attack spawned by an IoT botnet earlier this year, as well as a 2014 man-in-the-middle (MitM) network attack that flooded YouTube with requests, peaking at 2 million requests per second (Mrps). The 2.5 Tbps attack Google suffered in 2017 had no impact, as the company reported thousands of vulnerable servers to its network providers and worked with them to trace the origin of spoofed packets so they can be filtered.

Google believes that we must work together for collective security to reduce the impact of DDoS attacks. To do this, individual users need to ensure their devices are patched and secure, while enterprises need to report criminal activity, ask network providers to trace the sources of spoofed attack traffic, and share information about attacks with the online community.