A hacker tried to take down a Microsoft customer’s internet services with the second-largest DDoS attack on record this past August.
On Monday, the company reported that it encountered the 2.4 Tbps attack targeting a Microsoft Azure customer based in Europe. The current record holder is a 2.5 Tbps assault Google fended off back in 2017.
A DDoS attack essentially tries to down a website or internet service by bombarding the system with a flood of data traffic. To do so, the hacker can sometimes harness botnets, or armies of malware-infected computers, to generate the traffic.
In this case, the attack originated from “70,000 sources” based in countries across Asia and the US, Microsoft says. Whether the hacker used a botnet was left unsaid. But the UDP protocol was exploited in what’s known as a “reflection attack” to amplify the data traffic to 2.4 Tbps.
According to Microsoft, the attack lasted for only 10 minutes and occurred in waves. “In total, we monitored three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps,” Microsoft added.
The attack would’ve been enough to disrupt a company running their own data center. However, Microsoft says it successfully mitigated the attack, thanks to Azure’s DDoS protection service, which is capable of absorbing “tens of terabits of DDoS attacks.”
“This aggregated distributed mitigation capacity can massively scale to absorb the highest volume of DDoS threats, providing our customers the protection they need,” Microsoft adds.
The August attack edges out the 2.3 Tbps DDoS incident Amazon experienced in 2020; a hacker exploited hijacked Connection-Less Lightweight Directory Access Protocol (CLDAP) servers to send a flood of traffic to an Amazon AWS customer. However, like Microsoft, Amazon was able to mitigate the assault.
The incidents show that the biggest internet providers can fend off even the mightiest DDoS attacks. Hence, the companies have been using their DDoS protection capabilities to also market their cloud internet services.
In August and September, Cloudflare and Russian internet company Yandex also encountered two massive DDoS attacks. But the assaults occurred over a separate attack vector that exploited HTTP browser-based requests, so the incidents were measured differently.
The incident that hit Cloudflare reached 17.2 million requests per second while the assault on Yandex peaked at nearly 22 million rps. However, both companies say they repelled the attacks.