Microsoft mitigated 'largest ever' 2.4Tbps DDoS attack

Microsoft claims to have mitigated a record 2.4Tbps DDoS attack targeting one of its Azure customers in Europe during the last week of August.

The company said the attack was140% larger than than the highest attack bandwidth volume Microsoft recorded in 2020 and higher than any network volumetric event previously detected on Azure. It also surpasses the previous largest DDoS attack, which peaked at 2.3Tbps and was directed at Amazon Web Services (AWS) last year.

It said the attack traffic originated from around 70,000 sources and from multiple countries in the Asia-Pacific region, including Malaysia, Vietnam, Japan, and China, as well as the US. The attack spanned over 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes.

The company monitored three main peaks, the first at 2.4Tbps, the second at 0.55Tbps, and the third at 1.7Tbps.

Microsoft’s attack mitigation lifecycle is orchestrated by its control plan logic that dynamically allocates mitigation resources to the most optimal locations, closest to the attack sources. This meant that the attack traffic, which originated in the Asia-Pacific region and the US, did not reach the customer region but was instead mitigated at the source countries.

“Azure’s DDoS mitigation employs fast detection and mitigation of large attacks by continuously monitoring our infrastructure at many points across the network,” said Amir Dahan, senior programme manager at Azure Networking.

“When deviations from baselines are extremely large, our DDoS control plane logic cuts through normal detection steps, needed for lower-volume floods, to immediately kick-in mitigation. This ensures the fastest time-to-mitigation and prevents collateral damage from such large attacks.”

Dahan added that the customer did not suffer any impact or downtime, but if they had been running their own data centre instead of using Azure, they would most probably have incurred extensive financial damage as well as other intangible costs.

In 2020, Google revealed its infrastructure absorbed a 2.5Tbps DDoS attack three years previous. The attack was the culmination of a six-month campaign launched by Chinese-backed hackers that used multiple methods of attack, which ultimately had no material impact.