There are DDoS attacks, then there's this 809 million packet-per-second tsunami Akamai says it just caught

Bank on the receiving end of massive 418Gbps traffic barrage


Akamai reckons it blocked what may be the largest distributed denial-of-service attack ever, in terms of packets per second.

The content delivery network today said it successfully warded off the mammoth traffic flood, even as it was hit with a peak load of 809 million packets per second (PPS).

The attack, which began on 21 June, was directed at an unspecified European bank. The security team told The Register it is the largest such attack Akamai has ever encountered, let alone blocked, and the CDN believes that it is likely the largest DDoS attack to hit any network, in terms of packets per second.

"We believe this is a new industry record for PPS-focused attacks, and well over double the size of the previous high-water mark on the Akamai platform, just one week after Akamai announced another massive DDoS attack," Akamai said in its report on the digital tsunami. "Looking holistically at DDoS activity since the onset of 2020, it is clear that large, sophisticated DDoS attacks are still a significant attack vector."

Akamai could not say if there was any ulterior motivation behind the barrage (ie, to use the DDoS as a distraction) but the security team told El Reg that the bank in question has had to deal with fairly frequent attacks, so it might just be the latest (and largest) of a number of attempts to knock the institution offline.

What was unusual to the Akamai researchers was how the attack began and ended (or was mitigated) with extraordinary speed.

"The attack grew from normal traffic levels to 418Gbps in seconds, before reaching its peak size of 809Mpps in approximately two minutes," Akamai said. "In total, the attack lasted slightly less than 10 minutes."

For what it's worth, Amazon Web Services claimed in May it mitigated a 2.3Tbps flood against a target, though Akamai claims it stopped a larger attack, in terms of packets per second.

The assault was large not only in volume but also in its number of sources. It is believed that the botnet wrangler behind the flood was in command of a massive number of infected PCs, many of them being used as part of a DDoS attack for the first time.

"It was highly unusual that 96.2 per cent of source IPs were observed for the first time (or at a minimum, were not being tracked as being part of attacks in recent history)," the Akamai team explained.

"We had observed a number of different attack vectors coming from the 3.8 per cent of remaining source IPs, both matching the single attack vector seen in this attack and aligned to others. In this case, most of the source IPs could be identified within large internet service providers via autonomous system (AS) lookups, which is indicative of compromised end-user machines."

Unfortunately, Akamai believes that this sort of high-volume DDoS operation is only going to continue, and possibly even grow further. The CDN noted that it had tracked another massive attack in the week prior to the June operation, and financial services (along with internet and telecoms) are among the most popular targets. ®
