Mar 10 2023

Akamai mitigated a record-breaking DDoS attack that peaked 900Gbps

Category: DDoSDISC @ 10:42 am
Akamai mitigated a record-breaking DDoS attack that peaked 900Gbps

Akamai reported that on February 23, 2023, at 10:22 UTC, it mitigated the largest DDoS attack ever. The attack traffic peaked at 900.1 gigabits per second and 158.2 million packets per second. The record-breaking DDoS was launched against a Prolexic customer in Asia-Pacific (APAC).

“On February 23, 2023, at 10:22 UTC, Akamai mitigated the largest DDoS attack ever launched against a Prolexic customer based in Asia-Pacific (APAC), with attack traffic peaking at 900.1 gigabits per second and 158.2 million packets per second.” reads the post published by Akamai.

DDoS

The company pointed out that the attack was intense and short-lived, with most attack traffic bursting during the peak minute of the attack. The overall attack lasted only a few minutes.

Akamai mitigated the attack by redirecting the malicious traffic through its scrubbing network.

Most of the malicious traffic (48%) was managed by scrubbing centers in the APAC region, but the company claims that all its 26 centers were loaded, with only one center in HKG handling 14,6% of the total traffic.

Akamai states that there was no collateral damage thanks to its defense.

The previous record-breaking distributed denial of service attack mitigated by Akamai hit a company customer in Europe on September 2022. At the time, the malicious traffic peaked at 704.8 Mpps and appeared to originate from the same threat actor behind another record-breaking attack that Akamai blocked in July and that hit the same customer.

In January, Microsoft announced that its Azure DDoS protection platform has mitigated a record 3.47 Tbps attack that targeted one of its customers with a packet rate of 340 million packets per second (pps).

The attack took place in November and hit a customer in Asia, it originated from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan.

The 3.47 Tbps attack was the largest one Microsoft has mitigated to date, likely the massive one ever recorded.

Previous posts on DDoS

Distributed Denial of Service Attacks: Real-world Detection and Mitigation


InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: ddos, Distributed Denial of Service Attacks

Dec 30 2022

Cybercriminals create new methods to evade legacy DDoS defenses

Category: Cybercrime,DDoSDISC @ 10:40 am
Cybercriminals create new methods to evade legacy DDoS defenses

The number of DDoS attacks we see around the globe is on the rise, and that trend is likely to continue throughout 2023, according to Corero. We expect to see attackers deploy ever higher rate request-based or packets-per-second attacks.

“DDoS attacks have historically focused around sending packets of large sizes with the aim to paralyze and disrupt the internet pipeline by exceeding the available bandwidth. Recent request-based attacks, however, are sending smaller size packets, to target higher transaction processing to overwhelm a target. Those with responsibility for network health and internet service uptime should be taking note of this trend,” explained Corero CTO, Ashley Stephenson.

Legal responsibility

Corero also predicts that 2023 will see more breaches being reported, because of the increasing trend for transparency in data protection regulations. Regulations such as the UK Government’s Telecoms Security Bill will compel organizations to disclose more cyber-incidents publicly.

We are also likely to see the legal responsibility for bad corporate behaviour when dealing with breaches being linked to individual executives. Examples such as Joe Sullivan, the former head of security at Uber, who was recently found guilty of hiding a 2016 breach, could set a precedent for linking data protection decisions to the personal legal accountability of senior executives.

Evading DDoS defenses

Attackers will continue to make their mark in 2023 by trying to develop new ways to evade legacy DDoS defenses. We saw Carpet Bomb attacks rearing their head in 2022 by leveraging the aggregate power of multiple small attacks, designed specifically to circumvent legacy detect-and-redirect DDoS protections or neutralize ‘black hole’ sacrifice-the-victim mitigation tactics. This kind of cunning will be on display as DDoS attackers look for new ways of wreaking havoc across the internet and attempt to outsmart existing thinking around DDoS protection.

In 2023, the cyberwarfare that we have witnessed with the conflict in Ukraine will undoubtedly continue. DDoS will continue to be a key weapon in the Ukrainian and other conflicts both to paralyse key services and to drive political propaganda objectives. DDoS attack numbers rose significantly after the Russian invasion in February and DDoS continues to be used as an asymmetric weapon in the ongoing struggle.

Earlier this year, in other incidents related to the conflict, DDoS attackers attempted to disrupt the Eurovision song contest in an attempt to frustrate the victory of the Ukrainian contestants. Similarly, when Elon Musk showed support for Ukraine by providing Starlink satellite broadband services, DDoS attackers tried to take the satellite systems offline and deny Ukraine much needed internet services.

“Throughout 2022 we observed DDoS attacks becoming increasingly sophisticated while at the same time the DDoS attack surface is expanding. With the number of recorded attacks on the rise and significant shifts in attackers’ motives and goals, 2023 will require organizations to ensure they have robust DDoS defense in place,” said Lionel Chmilewsky, CEO at Corero Network Security.

DDoS

AWS Best Practices for DDoS Resiliency

DDoS Defense Standard Requirements

Infosec books | InfoSec tools | InfoSec services

Tags: ddos

Aug 21 2022

Google says it stopped the largest DDoS attack ever recorded in June

Category: DDoSDISC @ 1:11 pm
Google says it stopped the largest DDoS attack ever recorded in June

One of Google’s customers was targeted with the largest distributed denial of service (DDoS) attack ever recorded, according to a report the company released this week.

Attributed to Google Cloud Armor Senior Product Manager Emil Kiner and Technical Lead Satya Konduru, the report details the June 1 incident, in which a Google customer was hit with a series of HTTPS DDoS attacks, peaking at 46 million requests per second. 

To put it in perspective, they compared the attack to “receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.”

“This is the largest Layer 7 DDoS reported to date — at least 76% larger than the previously reported record,” they wrote.

In June, Cloudflare announced it had stopped the largest HTTPS distributed denial of service (DDoS) attack ever recorded at 26 million requests per second, surpassing a then-record attack of 17.2 million requests, which at the time was almost three times larger than any previous volumetric DDoS attack ever reported in the public domain.

Both Cloudflare and Google have expressed concerns about the evolution of DDoS attacks in recent years as they grow in frequency and exponentially in size.

“Today’s internet-facing workloads are at constant risk of attack with impacts ranging from degraded performance and user experience for legitimate users, to increased operating and hosting costs, to full unavailability of mission critical workloads,” Kiner and Konduru explained. 

The engineers said the attack started at 9:45 a.m. PST on June 1 and featured more than 10,000 requests per second. Within eight minutes, it grew to 100,000 requests per second. According to the report, Cloud Armor Adaptive Protection detected the attack and issued a “recommended rule” to block the incoming traffic, which the target’s security team put into place.

Two minutes later, the attack grew to its peak of 46 million requests per second before ending a little over an hour later.

“Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack,” they wrote.

The hackers behind the attack used more than 5,000 source IPs from 132 countries to launch the attack, with the top 4 countries – Brazil, India, Russia and Indonesia – contributing about 31% of the total attack traffic.

https://

therecord.media
/google-says-it-stopped-the-largest-ddos-attack-ever-recorded-in-june/

DDoS Protection

Tags: ddos, DDoS Protection