Akamai reckons it blocked what may be the largest distributed denial-of-service attack ever, in terms of packets per second.
The content delivery network today said it successfully warded off the mammoth traffic flood, even as it was hit with a peak load of 809 million packets per second (PPS).
The attack, which began on 21 June, was directed at an unspecified European bank. The security team told The Register it is the largest such attack Akamai has ever encountered, let alone blocked, and the CDN believes that it is likely the largest DDoS attack to hit any network, in terms of packets per second.
"We believe this is a new industry record for PPS-focused attacks, and well over double the size of the previous high-water mark on the Akamai platform, just one week after Akamai announced another massive DDoS attack," Akamai said in its report on the digital tsunami. "Looking holistically at DDoS activity since the onset of 2020, it is clear that large, sophisticated DDoS attacks are still a significant attack vector."
Akamai could not say if there was any ulterior motivation behind the barrage (ie, to use the DDoS as a distraction) but the security team told El Reg that the bank in question has had to deal with fairly frequent attacks, so it might just be the latest (and largest) of a number of attempts to knock the institution offline.
DNS this week stands for Drowning Needed Services: Design flaw in name server system can be exploited to flood machines offlineREAD MORE
What was unusual to the Akamai researchers was how the attack began and ended (or was mitigated) with extraordinary speed.
"The attack grew from normal traffic levels to 418Gbps in seconds, before reaching its peak size of 809Mpps in approximately two minutes," Akamai said. "In total, the attack lasted slightly less than 10 minutes."
For what it's worth, Amazon Web Services claimed in May it mitigated a 2.3Tbps flood against a target, though Akamai claims it stopped a larger attack, in terms of packets per second.
The assault was not only large in volume, but also in source. It is believed that the botnet wrangler behind the flood was in command of a massive number of infected PCs, many of them being used as part of a DDoS attack for the first time.
"It was highly unusual that 96.2 per cent of source IPs were observed for the first time (or at a minimum, were not being tracked as being part of attacks in recent history)," the Akamai team explained.
"We had observed a number of different attack vectors coming from the 3.8 per cent of remaining source IPs, both matching the single attack vector seen in this attack and aligned to others. In this case, most of the source IPs could be identified within large internet service providers via autonomous system (AS) lookups, which is indicative of compromised end-user machines."
Unfortunately, Akamai believes that these sort of high-volume DDoS operations are only going to continue, and possibly even grow further. The CDN noted that it had tracked another massive attack in the week prior to the June operation, and financial services (along with internet and telecoms) are among the most popular targets. ®