Largest Ever DDoS Attack Thwarted by Google's Defensive Measures
Google successfully thwarted what the tech giant claims to be the "largest Distributed Denial of Service" (DDoS) attack in history. The company, in collaboration with industry peers, also identified the exploitable vulnerability that allowed the unprecedented attack to occur.
Google's post detailing the incident indicated that the repelled attack volume was seven and a half times larger than any previously recorded DDoS attack. The recent assault clocked in at an astounding peak of 398 million requests per second (rps), soaring from the prior record of 46 million rps set last year.
According to Google, the latest wave of attacks began in late August and persistently targeted major infrastructure providers, including Google's services, its cloud infrastructure, and its customers.
The unidentified attackers used a novel HTTP/2 technique known as "Rapid Reset", which relies on stream multiplexing, to mount an attack of this scale. Stream multiplexing is a prominent feature of the widely used HTTP/2 protocol, Google added. More technical details about this can be found on.
After recognizing the threat, Google swiftly deployed additional countermeasures and collaborated with other industry members that also use HTTP/2 protocol stacks. They jointly disclosed a vulnerability within the protocol stack, tracked as CVE-2023-44487. This high-severity flaw carries a CVSS rating of 7.5 out of 10.
Google advises companies to check whether their HTTP/2 servers are vulnerable and to apply the corresponding patches if needed. It emphasized that organizations managing or operating their own HTTP/2-capable server, whether open source or commercial, should promptly install the patches provided by the relevant vendor.
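As an added illustration (not code from Google or from this article), the sketch below shows one way a defender could spot the Rapid Reset pattern in per-connection HTTP/2 frame records: many streams opened and then cancelled with RST_STREAM almost immediately, which is how the public description of CVE-2023-44487 characterizes the abuse. The log tuple format, the thresholds and the function names are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

def flag_rapid_reset(frames, window=1.0, max_resets=20, max_lifetime=0.05):
    """Return the ids of connections that cancel streams abnormally fast.

    frames: iterable of (timestamp_s, conn_id, frame_type, stream_id), a
    hypothetical log format; frame_type uses RFC 9113 names.
    A reset counts only if it arrives within max_lifetime seconds of the
    stream's HEADERS frame; a connection is flagged once more than
    max_resets such resets fall inside one sliding window.
    """
    opened = {}                  # (conn, stream) -> time its HEADERS was seen
    recent = defaultdict(deque)  # conn -> timestamps of quick resets in window
    flagged = set()
    for ts, conn, ftype, stream in sorted(frames):
        if ftype == "HEADERS":
            opened.setdefault((conn, stream), ts)
        elif ftype == "RST_STREAM":
            start = opened.pop((conn, stream), None)
            if start is None or ts - start > max_lifetime:
                continue         # long-lived or unknown stream: ordinary cancel
            q = recent[conn]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()      # drop quick resets that left the window
            if len(q) > max_resets:
                flagged.add(conn)
    return flagged

def build_sample():
    """Constructed frame records: one ordinary client, one reset burst."""
    frames = [(i * 0.5, "conn-a", "HEADERS", 2 * i + 1) for i in range(10)]
    frames.append((1.01, "conn-a", "RST_STREAM", 5))  # one quick cancel
    frames.append((2.5, "conn-a", "RST_STREAM", 3))   # cancel after 2 s
    for i in range(100):                              # 100 streams in 0.2 s
        t = 10 + i * 0.002
        frames.append((t, "conn-b", "HEADERS", 2 * i + 1))
        frames.append((t + 0.001, "conn-b", "RST_STREAM", 2 * i + 1))
    return frames

if __name__ == "__main__":
    print(sorted(flag_rapid_reset(build_sample())))
```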
DDoS attacks, a popular tactic among cybercriminals, aim to disrupt public-facing websites and services on the internet.