Microsoft and Google Halt “Largest” Cyberattack on Record

Along with Cloudflare and Amazon, the two tech titans have thwarted a DDoS attack that deployed a never-seen-before tactic.

Google, Microsoft, Cloudflare, and ecommerce giant Amazon have thwarted what is being touted as the biggest Distributed-Denial-of-Service (DDoS) attack on record – and it’s not even a close run thing.

The attack – which took place over the last two months – is thought to be more than seven times the size of the prior record DDoS. Google says it deployed “novel” techniques to try and disrupt multiple internet infrastructure services.

A number of powerful DDoS attacks have occurred over the last two years – which is concerning considering any internet-connected company or organization could be vulnerable to an attack of this kind.

Google Tracks Biggest Ever Attack

Google’s DDoS Response Team – as well as Microsoft, Cloudflare, and AWS – have all revealed that they all played a hand in mitigating the internet’s biggest DDoS attack.

The tech giant revealed in a blog post this week that at its peak, the attack reached 398 million requests per second.

The number of requests generated in a two-minute period during this attack surpassed the total number of views Wikipedia articles received in November.

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special offer.See deal button

However, other companies involved in mitigating the attack offer slightly different figures, with Cloudflare charting 201 million rps and Amazon 115 million rps at its peak. All three figures would be considered records at present.

Google says the attack was orchestrated “using a novel “Rapid Reset” technique that leverages stream multiplexing, a feature of the widely-adopted HTTP/2 protocol.”

HTTP/2 accelerates website loading times by allowing multiple requests to be sent over the same connection at the same time. The DDoS attack in question effectively automated this process and repeated it over and over again.

What Is a DDoS Attack, and Why Do They Happen?

In Distributed Denial of Service attacks, a threat actor will harness a multitude of computational resources – often from remote locations – and direct a huge number of requests to a specific server or network, such as one belonging to a website. Sometimes, Bot armies – or “botnets‘ – are utilized for this purpose.

The goal is to overwhelm the target server with requests in the hope that it crashes and the owners are forced to take it offline or shut it down. DDoS attacks differ from the likes of ransomware attacks in the sense that they don’t really involve hacking into anything – it’s all about wreaking as much havoc as possible.

DDoS attacks are commonly used to distract from other larger, more advanced attacks targeting the same network, or to ensure that a given company or organization is forced to allocate significant defensive resources to deal with it, making them more vulnerable to subsequent attacks that have yet to be waged.

DDoS Attacks Keep on Growing

As we’ve covered, the DDoS attack that was launched in August and September of this year reached a peak of around 398 million rps:

Google ddos attack tracking

Image credit: Google.

This eclipses the previous request record of 71 million rps recorded during an attack that took place at the beginning of this year, mitigated by Cloudflare.

That attack itself was significantly bigger than 2022’s largest DDoS attack, which Google says peaked at 46 million rps. This was the second time the record was broken last year, with Cloudflare stopping a DDoS attack peaking at 26 million rps in early June of 2022.

Google says that the exponential growth in the size of these attacks is “less concerning, though problematic” when the rate at which the internet grows is taken into account.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Aaron Drapkin is a Lead Writer at He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol five years ago. As a writer, Aaron takes a special interest in VPNs, cybersecurity, and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and covering a wide range of topics.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals