Google, a subsidiary of Alphabet Inc (GOOGL.O), mentioned in a Tuesday blog post that its cloud services successfully fended off malicious traffic that exceeded the volume of the previous largest attack by more than seven times.
Google, a subsidiary of Alphabet Inc (GOOGL.O), mentioned in a Tuesday blog post that its cloud services successfully fended off malicious traffic that exceeded the volume of the previous largest attack by more than seven times.
Cloudflare Inc (NET.N), a major internet security firm, stated that this attack was "triple the magnitude of any attack we've seen before." Additionally, Amazon's (AMZN.O) web services division verified encountering an unprecedented form of distributed denial of service (DDoS) assault.
The triad of companies noted that this massive cyber onslaught commenced in late August, with Google highlighting its continuous nature.
A denial of service attack essentially bombards servers with an overwhelming number of spurious data requests, obstructing legitimate online traffic. Over time, these types of attacks have amplified in intensity, now capable of producing hundreds of millions of false requests each second.
To put things in perspective, Google highlighted that just a two-minute stretch of the attack produced more data requests than the entire month's article views on Wikipedia for September 2023. Cloudflare acknowledged the unparalleled scale of the assault.
The heightened severity of these recent attacks is attributed to a vulnerability in HTTP/2, the latest iteration of the protocol foundational to the internet. This flaw leaves servers especially susceptible to malicious requests.
All three tech leaders are emphasizing the need for businesses to upgrade their servers to counteract this vulnerability.
The entities behind these formidable attacks remain unidentified, as tracing such cyber-activities has historically proven challenging. Without adequate defenses, these types of attacks have the potential to cause widespread online chaos. For instance, in 2016, the "Mirai" botnet targeted domain service Dyn, leading to outages across numerous major websites.
The US cybersecurity agency, CISA, has yet to comment on the situation.
Sara Montes de Oca is the Editor in Chief of TechEchelon. Previously a correspondent and producer in Washington, D.C., covering business, finance, and politics.
More from Sara →CISA has confirmed active exploitation of CVE-2026-20253, a critical Splunk Enterprise flaw that allows unauthenticated remote attackers to manipulate files, and ordered federal civilian agencies to patch by Sunday under Binding Operational Directive 26-04.
Market intelligence platform Klue has confirmed attackers stole OAuth tokens connected to customer Salesforce environments on June 12, as the newly emerged Icarus extortion group publicly claims responsibility and the list of affected organizations continues to grow.
Human Rights Watch obtained Bulgarian export licensing records showing surveillance firm Circles sold phone-interception and geolocation tools to ten governments — including the UAE, Bahrain, and Azerbaijan — between 2018 and 2023, raising fresh questions about the EU's export control enforcement.
Written for readers who already know the basics — markets, AI, and the policy decisions that shape both.