Akamai: We stopped record DDoS attack in Europe

A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days

Akamai Technologies squelched the largest-ever distributed denial-of-service (DDoS) attack in Europe earlier this month against a company that was being consistently hammered over a 30-day period.

According to the cybersecurity and cloud services vendor, the height of the attack hit on July 21, when over a 14-hour period it peaked at 659.6 million packets per second (Mpps) and 853.7 gigabits per second (Gbps).

"The attack, which targeted a swath of customer IP addresses, formed the largest global horizontal attack ever mitigated on the [Akamai] Prolexic platform," Craig Sparling, product manager in the vendor's Cloud Security business unit, wrote in a blog post.

Sparling didn't name the targeted company but said it is an Akamai customer in Eastern Europe. Over a 30-day period, the company came under attack 75 times via multiple vectors. The user datagram protocol (UDP) was the most popular vector used in the attack and was seen in the record spikes.

Other vectors used included UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood. Data scrubbing systems were able to weed out most of the dodgy traffic.

Traffic from the distributed attack suggested that the cybercriminals "were leveraging a highly-sophisticated, global botnet of compromised devices to orchestrate this campaign," Sparling wrote. "No individual scrubbing center handled more than 100Gbps of the overall attack."

The Prolexic platform includes 20 high-capacity scrubbing centers around the world, distributed to be close to the source of DDoS attacks as well as the victims. In an attack, the traffic is routed via Akamai's Anycast network through the closest scrubbing center, where Akamai's Security Operations Command Center uses mitigation controls to stop the attack.

DDoS attacks are designed to flood organizations with traffic to the point where they can no longer conduct business online. Application-layer attacks make networked software like web servers unable to process legitimate requests by swamping them with botnets. Network-layer attacks typically target a system's ability to process incoming network packets.

"The risk of distributed denial-of-service attacks (DDoS) has never been greater," Sparling wrote. "Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape. And attackers are showing zero signs of relenting."

Kaspersky in April released a report saying that DDoS attacks hit an all-time high in the first quarter, jumping 46 percent quarter-over-quarter, with the number of targeted attacks increasing 81 percent. The cybersecurity company the expanding DDoS landscape during the first quarter was shaped by Russia's ramp and eventual invasion of neighboring Ukraine.

Cloudflare – which in April warded off a record-setting HTTPS-based DDoS attack only to break that record by stomping on a larger attack two months later – similarly said in a report that in the first quarter, there was a 645 percent increase in DDoS attacks.

The continued evolution of DDoS attacks was on display in the incidents in April and June, according to Cloudflare researchers. In both cases, the attackers used junk HTTPS requests to overwhelm a website. In addition, the flood of network traffic in June originated from cloud service providers rather than residential internet service providers, indicating the attackers had to hijack virtual machines to scale the attack rather than simpler Internet of Things devices and home gateways.

Cloudflare earlier month said the culprit for the 26 million requests-per-second (RPS) attack in June was a botnet it named Mantis, which analysts said was an evolution on the Meris botnet. Meris was responsible for an attack in September 2021 against giant Russian tech company Yandex.

Last year Microsoft twice reported mitigating the largest recorded DDoS attacks in history, including one in November 2021 that hit 3.47 terabits-per-second and targeted a customer on Azure. ®

Send us news

Beneath Microsoft's Surface event, AI spreads everywhere

Windows gets its own Copilot to help operate the operating system – Edge, Bing, Outlook, 365 not spared, either

Cloudflare loosens AI from the network edge using GPU-accelerated Workers

Isn't that how Skynet took over?

Microsoft Surface chief Panos Panay abruptly announces departure

Rumors point to Panay headed to Amazon to take over for outgoing Alexa and Echo chief David Limp

It looks like you’re a developer. Would you like help upgrading Windows 11?

Microsoft adds a PC setup option and tools just for coders in Win 11 23H2, which debuted Tuesday

CMA says new Microsoft-Activision deal addresses concerns

Meet gaming's power couple, with Ubisoft the third wheel. Now competition watchdog must ensure Windows biz keeps promises

No joke: Cloudflare takes aim at Google Fonts with ROFL

Reckons it can deliver Comic Sans faster and keep your shame a secret

US State Dept has no idea if its IT security actually works, say auditors

End-of-life systems still in use, poor inventory control, and China's hunting

Microsoft kills classic Azure DaaS, because it isn't really Azure

Users get three-year deprecation and migration warning

Chinese snoops stole 60K State Department emails in that Microsoft email heist

No classified systems involved apparently, but internal diplomatic notes, travel details, staff SSNs, etc

Google exec: Microsoft Teams concession 'too little, too late'

If you don't tackle Redmond's abuse of software licensing in rival clouds it'll be game over for innovation, warns Amit Zavery

Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder

Included secrets, private keys, passwords, 30,000+ internal Teams messages

From frying Panos into the Fire? Amazon confirms hiring of Microsoft veteran

Device chief, who quit the beast of Redmond last week, takes similar role at arch rival