Akamai: We stopped record DDoS attack in Europe

A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days

Akamai Technologies squelched the largest-ever distributed denial-of-service (DDoS) attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period.

According to the cybersecurity and cloud services vendor, the height of the attack hit on July 21, when over a 14-hour period it peaked at 659.6 million packets per second (Mpps) and 853.7 gigabits per second (Gbps).

"The attack, which targeted a swath of customer IP addresses, formed the largest global horizontal attack ever mitigated on the [Akamai] Prolexic platform," Craig Sparling, product manager in the vendor's Cloud Security business unit, wrote in a blog post.

Sparling didn't name the targeted company but said it is an Akamai customer in Eastern Europe. Over a 30-day period, the company came under attack 75 times via multiple vectors. The user datagram protocol (UDP) was the most popular vector used in the attack and was seen in the record spikes.

Other vectors used included UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood. Data scrubbing systems were able to weed out most of the dodgy traffic.
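To make the vector list above concrete at the packet-header level, here is an added example (not code from the article or from Akamai) that labels packets with the same vector names from protocol, fragment state and TCP flag bits, computes per-vector packet and bit rates over a window, and flags vectors above a threshold. It also turns a pps/bps pair like the one reported at the peak into an average packet size, which is what separates a packet-rate attack from a bandwidth attack. The packet records and thresholds are constructed for illustration.

```python
"""Label packets with the DDoS vector names used in the Akamai report and
rate-limit-check each vector. Added example with constructed input; the
thresholds and sample packets are assumptions, not data from the report."""
from collections import defaultdict

# TCP flag bits as laid out in the header's flags byte
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def classify(pkt):
    """Map one packet (dict: proto, optional frag, optional flags) to a vector label."""
    proto = pkt["proto"]
    if proto == "udp":
        return "UDP fragment" if pkt.get("frag") else "UDP flood"
    if proto == "icmp":
        return "ICMP flood"
    if proto == "tcp":
        if pkt.get("frag"):
            return "TCP fragment"
        f = pkt.get("flags", 0)
        # impossible flag combinations (null, SYN+FIN) are anomalies, checked first
        if f == 0 or ((f & SYN) and (f & FIN)):
            return "TCP anomaly"
        if (f & SYN) and not (f & ACK):
            return "SYN flood"
        if f & RST:
            return "RESET flood"
        if (f & FIN) and (f & PSH):
            return "FIN push flood"
        if (f & PSH) and (f & ACK):
            return "PSH ACK flood"
        if f & PSH:
            return "PUSH flood"
        return "TCP other"
    return "other"


def vector_rates(packets, window_s):
    """Return {vector: (packets_per_second, bits_per_second)} over a window."""
    pps = defaultdict(int)
    bits = defaultdict(int)
    for p in packets:
        v = classify(p)
        pps[v] += 1
        bits[v] += p["len"] * 8
    return {v: (pps[v] / window_s, bits[v] / window_s) for v in pps}


def flag_floods(rates, pps_threshold, bps_threshold):
    """Vectors exceeding either threshold, sorted by name."""
    return sorted(v for v, (pps, bps) in rates.items()
                  if pps >= pps_threshold or bps >= bps_threshold)


def average_packet_bytes(mpps, gbps):
    """Average packet size implied by a packet rate (Mpps) and bit rate (Gbps)."""
    return (gbps * 1e9 / 8) / (mpps * 1e6)


# Constructed one-second sample: a UDP flood of large packets, a SYN flood of
# minimum-size segments, some PSH/ACK traffic and a trickle of ICMP.
SAMPLE = (
    [{"proto": "udp", "frag": False, "len": 1400}] * 6000
    + [{"proto": "tcp", "flags": SYN, "len": 60}] * 2000
    + [{"proto": "tcp", "flags": PSH | ACK, "len": 120}] * 500
    + [{"proto": "icmp", "len": 84}] * 50
)
WINDOW_S = 1.0

if __name__ == "__main__":
    rates = vector_rates(SAMPLE, WINDOW_S)
    for v, (pps, bps) in sorted(rates.items()):
        print(f"{v:15s} {pps:10.0f} pps {bps:14.0f} bps")
    print("flagged:", flag_floods(rates, 1000, 50_000_000))
    # Peak from the report: 659.6 Mpps at 853.7 Gbps -> roughly 162-byte packets,
    # i.e. a packet-rate attack, not a bandwidth attack built on large payloads.
    print(f"avg bytes/packet at peak: {average_packet_bytes(659.6, 853.7):.1f}")
```

The SYN flood in the sample is flagged on packet rate alone while carrying under 1 Mbps, which is why scrubbing capacity is quoted in packets per second as well as bits per second.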

Traffic from the distributed attack suggested that the cybercriminals "were leveraging a highly-sophisticated, global botnet of compromised devices to orchestrate this campaign," Sparling wrote. "No individual scrubbing center handled more than 100Gbps of the overall attack."

The Prolexic platform includes 20 high-capacity scrubbing centers around the world, distributed to be close to the source of DDoS attacks as well as the victims. In an attack, the traffic is routed via Akamai's Anycast network through the closest scrubbing center, where Akamai's Security Operations Command Center uses mitigation controls to stop the attack.

DDoS attacks are designed to flood organizations with traffic to the point where they can no longer conduct business online. Application-layer attacks make networked software like web servers unable to process legitimate requests by swamping them with junk requests from botnets. Network-layer attacks typically exhaust a system's ability to process incoming packets, or the bandwidth in front of it, regardless of what the packets contain.

"The risk of distributed denial-of-service attacks (DDoS) has never been greater," Sparling wrote. "Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape. And attackers are showing zero signs of relenting."

Kaspersky in April released a report saying that DDoS attacks hit an all-time high in the first quarter, jumping 46 percent quarter-over-quarter, with the number of targeted attacks increasing 81 percent. The cybersecurity company said the expanding DDoS landscape during the first quarter was shaped by Russia's ramp-up to, and eventual invasion of, neighboring Ukraine.

Cloudflare – which in April warded off a record-setting HTTPS-based DDoS attack only to break that record by stomping on a larger attack two months later – similarly said in a report that in the first quarter, there was a 645 percent increase in DDoS attacks.

The continued evolution of DDoS attacks was on display in the incidents in April and June, according to Cloudflare researchers. In both cases, the attackers used junk HTTPS requests to overwhelm a website. In addition, the flood of network traffic in June originated from cloud service providers rather than residential internet service providers, indicating the attackers had hijacked virtual machines to scale the attack rather than relying on simpler Internet of Things devices and home gateways.

Cloudflare earlier this month said the culprit for the 26 million requests-per-second (RPS) attack in June was a botnet it named Mantis, which analysts said was an evolution of the Meris botnet. Meris was responsible for an attack in September 2021 against giant Russian tech company Yandex.

Last year Microsoft twice reported mitigating the largest recorded DDoS attacks in history, including one in November 2021 that hit 3.47 terabits-per-second and targeted a customer on Azure. ®
