In November, Microsoft’s Azure DDoS security software reportedly neutralized a significant 3.47 terabits per second (Tbps) DDoS attack on an Azure client in Asia. In December, two new large-scale attacks – a 3.25 Tbps UDP attack on ports 80 and 443 and a 2.55 Tbps UDP flood on port 443 – targeting Asian Azure users were also launched.
“In November, Microsoft mitigated a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), targeting an Azure customer in Asia. We believe this to be the largest attack ever reported in history,” as stated by Alethea Toh, an Azure Networking Product Manager.
“This was a distributed attack originating from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan.”
Previous widely publicized DDoS attacks included a 21.8 million requests per second (rrps) application layer attack against Yandex, a Russian internet behemoth, in August, and a 2.3 Tbps volumetric attack identified by Amazon Web Services Shield in Q1 2020. Damian Menscher, a Google Security Reliability Engineer, stated two years ago that Google neutralized a 2.54 Tbps DDoS in 2017.
After earlier stating that it thwarted another record 2.4 Tbps attack targeting a European Azure client in late August, the November 3.47 Tbps attack was the company’s greatest to date. In the second half of 2021, Microsoft witnessed an increase in cyberattacks lasting more than an hour and multi-vector attacks like the record-breaking one neutralized in November. These longer-lasting DDoS assaults generally take the form of a series of short-lived, repetitive burst attacks that swiftly scale up to terabit volumes (in seconds).
According to Toh, gaming is still the industry that has taken the worst damage. DDoS assaults have long been common in the gaming sector since gamers frequently make considerable efforts to win. The massive gaming footprint10 in Asia, particularly in China, Japan, South Korea, Hong Kong, and India, can be partly explained by the concentration of attackers there.
This footprint will continue to increase as smartphone adoption promotes the popularity of mobile gaming in Asia. Toh explained that attackers are employing a novel TCP option manipulation approach to dump enormous payloads, in which the TCP option length is greater than the option header itself.