Google said in a blog post published Tuesday that its cloud services blocked a large amount of fraudulent traffic — more than seven times the size of the previous record attack that was stopped last year.

Internet security company Cloudflare said the attack was “three times larger than any previous attack we have seen.” Amazon Web Services also confirmed it was hit by “a new type of distributed denial of service (DDoS) event.”

The companies said the attack began in late August. Google said it was ongoing.

Denial of service is one of the most basic forms of web attack and it works by overwhelming targeted servers with a series of fake data requests, making it impossible for legitimate web traffic to get through.

As the online world has grown, so has the power of denial-of-service attacks, some of which can generate millions of bogus requests per second. Recent attacks measured by Google, Cloudflare, and Amazon were capable of generating hundreds of millions of requests per second.

Google said in its blog post that just two minutes of such an attack “generated more queries than the total number of article views reported by Wikipedia in the entire month of September 2023.” Cloudflare said the attack was “unprecedented in scale.”

All three companies said the large-scale attacks were enabled by weaknesses in HTTP/2 — the newer version of the HTTP network protocol that underpins the World Wide Web — that left servers particularly vulnerable to fraudulent requests.

The companies urged businesses to update their web servers to ensure they were no longer vulnerable. None of the three companies said who was responsible for the DDoS attacks, which have historically been difficult to pin down.

If targeted skillfully and not successfully countered, such attacks can lead to widespread disruption. In 2016, a major attack believed to be carried out by the “Mirai” network disrupted a number of high-profile websites.

Mai Anh (according to Reuters)