Microsoft Fends Off 2.4 Tbps DDoS Attack
The attack was reportedly 140 percent higher than a 1 Tbps attack it saw in 2020 and higher than any network volumetric event the company previously detected.
You likely don't hear about them unless your organization gets tripped up by one, but distributed denial of service attacks, in which a surge of traffic floods the bandwidth of a targeted system and brings its network to a standstill, continue to spike.
The sheer size of these attacks continues to surge; it was disclosed this week that one of the largest on record occurred in August.
The attack, against an unnamed European organization that uses Microsoft Azure, tipped the scales at 2.4 terabytes per second, 140 percent larger than the last attack targeting a single IP seen by Microsoft, a 1 Tbps attack it observed in the COVID-19 pandemic’s infancy, from March to April 2020.
Amir Dahan, a Senior Program Manager with Microsoft's Azure Networking, discussed the attack from Microsoft's vantage in a blog post on Monday.
According to Dahan, the attack emanated from 70,000 sources, many in and around Asia, including Malaysia, Vietnam, Taiwan, Japan, China and some in the U.S.
While the attack didn't have any repercussions for the organization it targeted - it was mitigated in the aforementioned source countries - Dahan claims the company was still able to learn a great deal from it.
The attack was a UDP reflection attack that lasted for more than 10 minutes “with very short-lived bursts, each ramping up in seconds to terabit volumes.” UDP reflection attacks typically involve spoofing the victim's IP address and sending a request for information via UDP (User Datagram Protocol) packets. DNS resolvers send a response back to the spoofed IP, but when this is repeated, the targeted system can't keep up, which in turn causes a denial of service.
The first peak was the most intense, clocking in at 2.4 Tbps, the second was 0.55 Tbps, and the third was even stronger than the last highest observed DDoS attack, 1.7 Tbps.
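The reflection pattern described above leaves a recognizable trace at the target's network edge: DNS responses arrive from many resolvers although no host behind that edge ever sent the matching query. The sketch below is an added example, not code from Microsoft or from the original article; the packet tuple layout, the thresholds and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

REFLECTOR_PORTS = {53}  # DNS, the reflector named in the article (assumed set)

def find_reflection_bursts(packets, min_sources=3, min_bytes=3000, query_ttl=5):
    """Return {(victim_ip, second): (distinct_sources, bytes)} for each second
    in which a host received unsolicited UDP responses from many reflectors.
    packets: iterable of (ts, src_ip, src_port, dst_ip, dst_port, size)."""
    outstanding = {}   # (client, client_port, server, server_port) -> query time
    per_second = defaultdict(lambda: [set(), 0])
    for ts, src, sport, dst, dport, size in sorted(packets):
        if dport in REFLECTOR_PORTS:
            # A genuine request leaving our network: remember it.
            outstanding[(src, sport, dst, dport)] = ts
            continue
        if sport not in REFLECTOR_PORTS:
            continue   # not a response from a reflector-type service
        asked = outstanding.get((dst, dport, src, sport))
        if asked is not None and ts - asked <= query_ttl:
            continue   # solicited answer to a query we actually saw
        # Unsolicited response: the query was spoofed somewhere else.
        bucket = per_second[(dst, int(ts))]
        bucket[0].add(src)
        bucket[1] += size
    return {key: (len(srcs), total) for key, (srcs, total) in per_second.items()
            if len(srcs) >= min_sources and total >= min_bytes}

# Constructed sample: one legitimate lookup, then five resolvers answering
# queries that the victim never sent.
VICTIM = "203.0.113.10"
SAMPLE = [
    (100.00, "203.0.113.20", 40000, "198.51.100.53", 53, 60),
    (100.02, "198.51.100.53", 53, "203.0.113.20", 40000, 120),
] + [(101.0 + i / 10, f"192.0.2.{i}", 53, VICTIM, 33333, 1500)
     for i in range(1, 6)]

if __name__ == "__main__":
    for (ip, second), (sources, size) in find_reflection_bursts(SAMPLE).items():
        print(f"{ip} t={second}s: {sources} reflectors, {size} unsolicited bytes")
```

Bucketing per second matters here because the bursts reported in this attack ramped up within seconds; averaging over minutes would hide them.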
The attack will no doubt skew Microsoft's DDoS attack trend figures for Q3. The company claims that while the first half of 2021 saw a 25 percent increase in the number of attacks from Q4 2020, there's actually been a decrease in the strength of the attacks: the maximum attack throughput in the first half of 2021 was only 625 Mbps, down from 1 Tbps in Q3 of 2020.
Cloudflare boasted earlier this summer that in July it was able to halt a 17.2 million request-per-second (RPS) DDoS attack, one that peaked at 1.2 terabytes per second, the largest it had ever seen. That one was notable for being three times larger than any they'd seen at the time. The attack, which was targeting a financial industry customer, was powered by 20,000 bots from 125 different countries.
The attack Microsoft helped mitigate comes close to the 2.3 Tbps DDoS attack that Amazon's AWS Shield combatted in 2020. Given the number of websites that rely on Amazon Web Services (AWS), if it had gone through, the attack could have been disastrous.
Both attacks echo predictions from experts who have cautioned for several years that stronger, shorter DDoS attacks, sometimes just a few seconds, appear to be the norm going forward. The trend - high-volume attacks with shorter durations - began in 2020 and doesn’t appear to be going away anytime soon.