Friday, March 29, 2024

The largest DDoS to date, Microsoft mitigates a 3.47 Tbps DDoS attack

Microsoft announced to have mitigated a record 3.47 Tbps distributed denial of service attack targeting an Azure customer, the largest DDoS to date

Updated Aug 2022: NEW RECORD-SETTING DDOS ATTACK

Disclosed August 2022, was the 3rd HTTPS attack this year to get to 10s of millions of RPS, after two lower-volume assaults were mitigated by Cloudflare.

The very first of them peaked at 15.3 million RPS, Cloudflare revealed in April, while the 2nd reached  26 million RPS, the web security company introduced in June. The strike that Google revealed today clearly towers over the previously divulged incidents, as it was roughly 76% bigger compared to the previous record.

The attack, Google states, began at 9:45 am PT, on June 1, as well as lasted for roughly 69 mins. For most of its duration, the attack was low-intensity– it jumped from 100,000 to 46 million RPS within 10 secs, however reduced over the next minute and a fifty percent to the first degrees Read More

Microsoft announced that its Azure DDoS protection platform has mitigated a record 3.47 Tbps attack that targeted one of its customers with a packet rate of 340 million packets per second (pps). The news of the attack was reported in the “Azure DDoS Protection —2021 Q3 and Q4 DDoS attack trends.”

“In November, Microsoft mitigated a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), targeting an Azure customer in Asia. We believe this to be the largest attack ever reported in history.”

“Attack vectors were UDP reflection on port 80 using Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP) comprising one single peak, and the overall attack lasted approximately 15 minutes.”

largest DDoS to date, reads the report.
largest DDoS to date, inbound UDP attack Graph, showing 3.47TBps of traffic
UDP Graph Attack, MS

The Largest DDoS To Date

The largest DDoS to date, took place in November and hit a customer in Asia, it originated from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan.

Recommended:  Assange Wins First Stage in Effort to Appeal US Extradition

The 3.47 Tbps attack was the largest DDoS to date that MS has had to mitigate

The IT giant also reported that other two massive DDoS attacks targeted Asian Azure customers in December, they peaked at 3.25 Tbps and 2.55 Tbps respectively.

Microsoft pointed out that as with the first half of 2021, the majority of the DDoS attacks were short-lived, experts observed a rise in attacks that lasted longer than an hour, with the composition more than doubling from 13 percent to 27 percent. The researchers warn that multi-vector attacks continue to remain prevalent.

Predecessor of the Largest DDoS To Date

In October, Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August, it represented the largest DDoS to date recorded, but the recent attack overwhelmed it. The attack hit the Russian internet giant Yandex and was launched by a new DDoS botnet, tracked as Mēris (Latvian word for ‘plague’).

“The concentration of attacks in Asia can be largely explained by the huge gaming footprint10, especially in China, Japan, South Korea, Hong Kong, and India, which will continue to grow as the increasing smartphone penetration drives the popularity of mobile gaming in Asia.” concludes the report. “In India, another driving factor may be that the acceleration of digital transformation, for example, the “Digital India” initiative11, has increased the region’s overall exposure to cyber risks.”

Conclusion

DDoS attacks have evolved a lot over the years, and they changed the meaning of using brute force. It probably won’t be long until we see the next largest DDoS to date. The worst thing is that analysts expect that they will continue to grow bigger, more violent, and more powerful in years to come.

Recommended:  35+ Actionable Tips: Cybersecurity Awareness Month 2022

Hackers are creating bigger botnets by hacking more devices, and the advancements of technology and the introduction of all kinds of smart gadgets are making it happen even faster. The only way to fight against this kind of attack would be to spread awareness about securing user devices. Anything that has a connection to the internet can be used as a device, and the more we progress towards a smart society, the more weapons bad actors get at their disposal.

Meanwhile, DDoS attacks are not only increasing in strength, but also in the number, and there are even services that offer DDoS for hire, which the authorities have desperately tried to dismember for years now, with only partial success.

Article data correct at time of writing, January 27th 2022.

You may also enjoy reading, Assange Wins First Stage in Effort to Appeal US Extradition

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security