Digital Guardian's Blog

Microsoft Fends Off 2.4 Tbps DDoS Attack

by Chris Brook on Wednesday October 13, 2021


The attack was reportedly 140 percent higher than a 1 Tbps attack it saw in 2020 and higher than any network volumetric event the company previously detected.

You likely don't hear about them unless your organization gets tripped up by one, but distributed denial of service attacks - attacks in which a surge of traffic floods the bandwidth of a targeted system, bringing its network to a standstill - continue to spike.

The sheer size of these attacks continues to surge; it was disclosed this week that one of the largest on record occurred in August.

The attack, against an unnamed European organization that uses Microsoft Azure, tipped the scales at 2.4 terabytes per second, 140 percent larger than the last attack targeting a single IP seen by Microsoft, a 1 Tbps attack it observed in the COVID-19 pandemic’s infancy, from March to April 2020.

Amir Dahan, a Senior Program Manager with Microsoft's Azure Networking, discussed the attack from Microsoft's vantage in a blog on Monday.

According to Dahan, the attack emanated from 70,000 sources, many in and around Asia, including Malaysia, Vietnam, Taiwan, Japan, China and some in the U.S.

While the attack didn't have any repercussions for the organization it targeted - it was mitigated in the aforementioned source countries - Dahan claims the company was still able to learn a great deal from it.

The attack was a UDP reflection attack that lasted for more than 10 minutes “with very short-lived bursts, each ramping up in seconds to terabit volumes.” UDP reflection attacks typically involve spoofing the victim's IP address and sending a request for information via UDP (User Datagram Protocol) packets. DNS resolvers send their responses back to the spoofed IP, but when this is repeated, the victim can't keep up, which in turn causes a denial of service.
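The reflection pattern described above can be spotted on the receiving side as responses that nobody asked for. The following is an added example, not code from Microsoft or from this article: it buckets UDP flow records into one-second windows (to catch short-lived bursts) and flags windows where a protected IP receives unsolicited replies from several distinct reflectors. The flow tuple layout, the thresholds, the function name and the sample records are assumptions made for illustration.

```python
from collections import defaultdict

# UDP services commonly abused as reflectors (source port of the response).
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 1900: "ssdp", 11211: "memcached"}

def find_reflection_bursts(flows, protected, min_sources=3, min_bytes=10_000):
    """Flag one-second windows where a protected IP receives unsolicited
    responses from many distinct reflectors.

    flows: iterable of (ts, src_ip, src_port, dst_ip, dst_port, nbytes),
    UDP only, sorted by ts. Thresholds are illustrative assumptions.
    """
    asked = set()  # (local_ip, local_port, remote_ip, remote_port)
    windows = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for ts, src, sport, dst, dport, nbytes in flows:
        if src in protected:
            # Outbound request: a later reply on the reversed 4-tuple is legitimate.
            asked.add((src, sport, dst, dport))
            continue
        if dst not in protected or sport not in REFLECTOR_PORTS:
            continue
        if (dst, dport, src, sport) in asked:
            continue  # solicited reply, not part of a reflection
        w = windows[(int(ts), dst, REFLECTOR_PORTS[sport])]
        w["bytes"] += nbytes
        w["sources"].add(src)
    return sorted(
        (sec, dst, svc, len(w["sources"]), w["bytes"])
        for (sec, dst, svc), w in windows.items()
        if len(w["sources"]) >= min_sources and w["bytes"] >= min_bytes
    )

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE = [
    (100.1, "203.0.113.10", 40000, "198.51.100.53", 53, 70),    # protected host's own query
    (100.2, "198.51.100.53", 53, "203.0.113.10", 40000, 300),   # solicited reply
    (101.0, "192.0.2.1", 53, "203.0.113.10", 5555, 4000),       # unsolicited replies
    (101.3, "192.0.2.2", 53, "203.0.113.10", 5555, 4000),
    (101.6, "192.0.2.3", 53, "203.0.113.10", 5555, 4000),
    (103.0, "192.0.2.4", 53, "203.0.113.10", 5555, 4000),       # lone packet, below thresholds
]

if __name__ == "__main__":
    for hit in find_reflection_bursts(SAMPLE, {"203.0.113.10"}):
        print(hit)
```

In production the `asked` set would need expiry, and the thresholds would be tuned against the protected service's normal traffic baseline.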

The first peak was the most intense, clocking in at 2.4 Tbps, the second was 0.55 Tbps, and the third was even stronger than the last highest observed DDoS attack, 1.7 Tbps.

The attack will no doubt skew Microsoft's DDoS attack trend figures for Q3. The company claims that while the first half of 2021 saw a 25 percent increase in the number of attacks from Q4 2020, there's actually been a decrease in the strength of the attacks; the maximum attack throughput in the first half of 2021 was only 625 Mbps, down from 1 Tbps in Q3 of 2020.

Cloudflare boasted earlier this summer that it was able to halt a 17.2 million request-per-second (RPS) DDoS attack, one that peaked at 1.2 terabytes per second – the largest it had ever seen - in July. That one was notable for being three times larger than any they'd seen at the time. The attack, which was targeting a financial industry customer, was powered by 20,000 bots from 125 different countries.

The attack Microsoft helped mitigate comes close to the 2.3 Tbps DDoS attack that Amazon's AWS Shield combatted in 2020. Given the number of websites that rely on Amazon Web Services (AWS), if it had gone through, the attack could have been disastrous.

Both attacks echo predictions from experts who have cautioned for several years that stronger, shorter DDoS attacks, sometimes just a few seconds, appear to be the norm going forward. The trend - high-volume attacks with shorter durations - began in 2020 and doesn’t appear to be going away anytime soon.

Tags: DDoS

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.