On June 1, Google Cloud blocked what it claims to be the largest Layer 7 DDoS attack. On that date, a Google Cloud Armor customer was targeted with a series of HTTPS DDoS attacks which peaked at 46 million requests per second.
In addition to its unexpectedly high volume of traffic, Google noted sever other noteworthy characteristics of the attack. There were 5,256 source IPs from 132 countries contributing to the attack. pproximately 22% (1,169) of the source IPs corresponded to Tor exit nodes, although the request volume coming from those nodes represented just 3% of the attack traffic. Also, the geographic distribution and types of unsecured services leveraged to generate the attack matched the MÄ“ris family of attacks.