We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Record-Breaking DDoS Attacks Target Major Web Companies

Record-Breaking DDoS Attacks Target Major Web Companies
Author Image Husain Parvez
Husain Parvez Published on 15th October 2023 Cybersecurity Researcher

Major internet giants, including Google, Amazon, and Cloudflare, have recently fallen victim to the largest distributed denial-of-service (DDoS) attacks ever recorded. These unprecedented attacks have sent shockwaves throughout the tech industry, raising concerns about the vulnerability of the internet's infrastructure.

According to a blog post by Cloudflare, the company observed and repelled a massive DDoS attack in August, which surpassed the previous record set in February. The attack was three times larger in scale, with Cloudflare registering a peak of 201 million requests per second across its infrastructure.

Google's cloud infrastructure also faced a similar onslaught, with an attack rate nearly twice that of Cloudflare's. As reported by Google, the tech giant mitigated an attack in August that peaked at a staggering 398 million requests per second (RPS). To put this in perspective, an attack they faced in August 2022 peaked at 46 million RPS, equivalent to "receiving all the daily requests to Wikipedia in just 10 seconds."

A significant factor behind these large-scale attacks is a newly discovered vulnerability in the HTTP/2 protocol. This vulnerability, tracked as CVE-2023-44487, allows threat actors to flood websites with massive amounts of traffic, rendering them temporarily unavailable. The exploitation technique, known as the HTTP/2 Rapid Reset Attack, has been a cause for concern among cybersecurity experts.

Concerningly, these extremely large-scale DDoS attacks do not require a huge number of machines to create it. The botnet behind the attack consisted of only about 20,000 individual endpoints, yet it managed to cause significant disruption.

Amazon's Web Services (AWS) also witnessed a similar attack on their infrastructure. Senior Amazon security officials Tom Scholl and Mark Ryland, mentioned that between August 28 and August 29, 2023, they observed an attack peaking at over 155 million requests per second.

In response to these threats, major tech companies have collaborated to share technical details and develop mitigation strategies. They have urged providers using the HTTP/2 protocol to assess vulnerabilities and apply security patches promptly.

Cloudflare's Chief Information Security Officer, Grant Bourzikas, emphasized the seriousness of the situation in a separate blog post, recommending that companies treat this exploit with utmost priority. He advised network security managers to understand their external connectivity, ensure DDoS protection lies outside their data center, and deploy patches across all internet-facing web servers.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.