The largest DDoS attack on Microsoft`s Azure

A massive DDoS attack on Microsoft Azure happened in August, 2021. The highest peak in traffic reached 2.4Tbps. Company doesn’t disclose information on customer identity.

DDoS attacks:major threat for cyber security

DDoS attacks are one of the pressing issues in the cyber security field these days. A distributed denial-of-service (DDoS) attack is when a server, network, service, or surrounding infrastructure gets flooded with internet traffic. To conduct such attacks hackers use botnets as generators of traffic. Networked resources like IoT devices and computers are also exploited in this scheme. To put it simply, DDoS attacks look like malicious queries flow which makes the attacked server overloaded.

In Microsoft`s report it says the attack went more than 10 minutes creating short-lived bursts that spiked at 2.4Tbps, 0.55Tbps, and lastly 1.7Tbps. The attack exceeded 140 percent higher than the highest attack bandwidth volume in 2020. Azure endured tens of terabits of the attack and stayed online throughout it.

“The attack traffic originated from approximately 70,000 sources and from multiple countries in the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as from the United States,” tells Amir Dahan, a senior program manager for Microsoft’s Azure networking team.¹

According to Dahan, such an attack shows the increasing ability of hackers to apply large traffic volumes to press the targeted network. Azure’s DDoS protection platform could stand the avalanche because of the special scheme put into it`s work. The main principle is the mitigation pipelines and distributed DDoS detection that allows the platform to absorb tens of terabits. Control plane logic dynamically relocates mitigation resources closest to the attack sources. It ensures that DDoS traffic never reaches the customer region but relocates it to the DDoS source countries.

Rise in DDoS attacks

Additionally, Microsoft shared a report on Azure’s DDoS trends for the first half of 2021 where it shows a 25% increase in attacks compared to Q4 of 2020. Though cyber security specialists from the company observe a decline in maximum attack output. It went from 1 Tbps in Q3 of 2020 to 625 Mbps in the first half of 2021.

Now with this instance of such a massive DDoS attack, cybersecurity specialists predict its significant rise in the future. Specialists from Cisco say that the total number of DDoS attacks might double from the 7.9 million conducted in 2018 to nearly over 15 million in 2023. An interesting fact: the first recorded distributed denial of service attack took place in 1996. Panix, the oldest internet provider, was put offline for several days when SYN flood, a now-classic DDoS attack scheme, was applied.

1. Microsoft report on this attack