Akamai: We stopped record DDoS attack in Europe

A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days

Akamai Technologies squelched the largest-ever distributed denial-of-service (DDoS) attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period.

According to the cybersecurity and cloud services vendor, the height of the attack hit on July 21, when over a 14-hour period it peaked at 659.6 million packets per second (Mpps) and 853.7 gigabits per second (Gbps).

"The attack, which targeted a swath of customer IP addresses, formed the largest global horizontal attack ever mitigated on the [Akamai] Prolexic platform," Craig Sparling, product manager in the vendor's Cloud Security business unit, wrote in a blog post.

Sparling didn't name the targeted company but said it is an Akamai customer in Eastern Europe. Over a 30-day period, the company came under attack 75 times via multiple vectors. The user datagram protocol (UDP) was the most popular vector used in the attack and was seen in the record spikes.

Other vectors used included UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood. Data scrubbing systems were able to weed out most of the dodgy traffic.

Traffic from the distributed attack suggested that the cybercriminals "were leveraging a highly-sophisticated, global botnet of compromised devices to orchestrate this campaign," Sparling wrote. "No individual scrubbing center handled more than 100Gbps of the overall attack."

The Prolexic platform includes 20 high-capacity scrubbing centers around the world, distributed to be close to the source of DDoS attacks as well as the victims. In an attack, the traffic is routed via Akamai's Anycast network through the closest scrubbing center, where Akamai's Security Operations Command Center uses mitigation controls to stop the attack.

DDoS attacks are designed to flood organizations with traffic to the point where they can no longer conduct business online. Application-layer attacks make networked software like web servers unable to process legitimate requests by swamping them with requests from botnets. Network-layer attacks typically target a system's ability to process incoming network packets.
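To make the vector names and the packet-rate versus bit-rate figures above concrete, here is an added example (not code from Akamai or from this article) that sorts constructed per-second flow records into the vectors the article lists and computes the average packet size implied by a (pps, bps) pair; the record layout and thresholds are assumptions for illustration.

```python
# Added example: classify constructed flow records into the DDoS vectors
# named in the article and summarise per-vector packet and bit rates.
from collections import defaultdict

# Constructed sample for one 1-second bin:
# (protocol, TCP flags, fragmented?, packets, bytes). The field layout is an
# assumption for this example, not any real flow exporter's format.
SAMPLE_FLOWS = [
    ("udp", "", False, 4_000_000, 640_000_000),
    ("udp", "", True, 1_000_000, 1_400_000_000),
    ("tcp", "S", False, 3_000_000, 180_000_000),
    ("tcp", "R", False, 500_000, 30_000_000),
    ("tcp", "PA", False, 2_000_000, 200_000_000),
    ("tcp", "FP", False, 100_000, 6_000_000),
    ("icmp", "", False, 700_000, 50_000_000),
]

def classify(proto, flags, fragmented):
    """Map one flow to the vector vocabulary used in the article."""
    if proto == "udp":
        return "UDP fragmentation" if fragmented else "UDP flood"
    if proto == "icmp":
        return "ICMP flood"
    if proto == "tcp":
        if "S" in flags and "A" not in flags:
            return "SYN flood"
        if flags == "R":
            return "RESET flood"
        if "F" in flags and "P" in flags:
            return "FIN push flood"
        if "P" in flags and "A" in flags:
            return "PSH ACK flood"
        if flags == "P":
            return "PUSH flood"
        return "TCP anomaly"  # catch-all for flag combinations not named above
    return "other"

def summarise(flows):
    """Per-vector (packets per second, bits per second) for a 1 s bin."""
    pps, bps = defaultdict(int), defaultdict(int)
    for proto, flags, frag, pkts, nbytes in flows:
        vector = classify(proto, flags, frag)
        pps[vector] += pkts
        bps[vector] += nbytes * 8
    return {v: (pps[v], bps[v]) for v in pps}

def avg_packet_bytes(pps, bps):
    """Average packet size implied by a (pps, bps) pair. A small value means
    the load is in packet rate, which stresses packet processing (the
    network-layer case above) rather than raw link bandwidth."""
    return bps / 8 / pps
```

Feeding the article's peak figures (659.6 Mpps, 853.7 Gbps) into avg_packet_bytes gives roughly 162 bytes per packet, the signature of a small-packet flood.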

"The risk of distributed denial-of-service attacks (DDoS) has never been greater," Sparling wrote. "Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape. And attackers are showing zero signs of relenting."

Kaspersky in April released a report saying that DDoS attacks hit an all-time high in the first quarter, jumping 46 percent quarter-over-quarter, with the number of targeted attacks increasing 81 percent. The cybersecurity company said the expanding DDoS landscape during the first quarter was shaped by Russia's ramp-up to and eventual invasion of neighboring Ukraine.

Cloudflare – which in April warded off a record-setting HTTPS-based DDoS attack only to break that record by stomping on a larger attack two months later – similarly said in a report that in the first quarter, there was a 645 percent increase in DDoS attacks.

The continued evolution of DDoS attacks was on display in the incidents in April and June, according to Cloudflare researchers. In both cases, the attackers used junk HTTPS requests to overwhelm a website. In addition, the flood of network traffic in June originated from cloud service providers rather than residential internet service providers, indicating the attackers had to hijack virtual machines to scale the attack rather than simpler Internet of Things devices and home gateways.

Cloudflare earlier this month said the culprit for the 26 million requests-per-second (RPS) attack in June was a botnet it named Mantis, which analysts said was an evolution of the Meris botnet. Meris was responsible for an attack in September 2021 against Russian tech giant Yandex.

Last year Microsoft twice reported mitigating the largest recorded DDoS attacks in history, including one in November 2021 that hit 3.47 terabits per second and targeted a customer on Azure. ®
