Microsoft Reports Business-as-Usual Against One of the Biggest DDoS Attacks Ever
In the last week of August, a 2.4 Tbps Distributed Denial-of-Service (DDoS) attack was launched on a Microsoft customer based in Europe but was successfully mitigated, the company said in a blog post. According to the company, this is the biggest ever DDoS attack ever recorded on Azure systems. Recently, Russian tech giant Yandex had also reported DDoS attacks in the months of August and September.
A DDoS is a type of cyber-attack wherein large amounts of traffic are sent to the host server with the intention of overwhelming its traffic handling capacities and disrupting services for actual users. The extent of the attack is measured in terabits of traffic received per second and the reported attack is one of the largest that the service providers such as Microsoft, Google, and Amazon Web Services have seen in recent years.
Microsoft's Senior Program Manager for its Azure Networking Services, Amir Dahan, reported in the blog that the attack traffic originated from 70,000 sources hailing from multiple countries in Asia-Pacific such as Malaysia, Vietnam, Taiwan, Japan, and China but also included some from the United States as well.
The attack lasted only for 10 minutes and involved short bursts of terabit volumes that ramped up in a few seconds. Majorly three peaks were noted by the networking provider with the highest peaking at 2.4 Tbps while the other two reached highs of 0.55 Tbps and 1.7 Tbps respectively.
Microsoft attributed the mitigation success to its distributed DDoS detection and its control plane logic that allocates mitigation resources closest to the source of the attack.
As the world has adopted more digital tools following the COVID-19 pandemic, a robust strategy to respond to a DDoS attack needs utmost attention. Had the target been running its own data center, it is likely to have gone down in the attack and caused financial losses to the unnamed customer, Microsoft claimed.
Prior to this, Microsoft had observed a 1 Tbps attack in 2020 but other service providers have seen higher intensity attacks, The Verge reported. Last year Amazon Web Services mitigated a 2.3 Tbps attack while in 2018 NetScout Arbor mitigated a 1.7 Tbps attack. According to The Verge, the largest attack recorded was a 2.54 Tbps attempt thwarted by Google in 2017 but reported only last year.