News

Epic DDoS Fail: Azure Cloud Fends Off 'Largest Attack Ever Reported in History'

• By David Ramel
• 01/31/2022

"In November, Microsoft mitigated a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), targeting an Azure customer in Asia. We believe this to be the largest attack ever reported in history," Microsoft reported last week.

What's more, that successful defense followed several other huge Distributed Denial-of-Service (DDoS) attacks of more than 2.4 Tbps that were mitigated.

Microsoft detailed the attacks in a Jan. 25 blog post highlighting Azure DDoS protection results in the second half of 2021. That time period saw a 40 percent increase in the average number of attacks per day -- to 1,955 -- from the first half of the year.

"In the second half of 2021, the world experienced an unprecedented level of Distributed Denial-of-Service (DDoS) activity in both complexity and frequency," said the post, co-authored by Anupam Vij, principal PM manager, and Syed Pasha, principal network engineer, Azure Networking.

It was that purported record-setter that garnered industry headlines, though.

"This was a distributed attack originating from approximately 10,000 sources and from multiple countries across the globe," Microsoft said. "Attack vectors were UDP reflection on port 80 using Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP) comprising one single peak, and the overall attack lasted approximately 15 minutes."

As this graphic shows, UDP spoof flood attacks were found to be the overwhelmingly most popular attack vector:

UDP is commonly used in gaming and streaming applications, Microsoft said, and the gaming industry was identified as the top attack target.

"The gaming industry has always been rife with DDoS attacks because players often go to great lengths to win," Microsoft said. "Nevertheless, we see that a wider range of industries are just as susceptible, as we have observed an increase in attacks in other industries such as financial institutions, media, internet service providers (ISPs), retail, and supply chain. Particularly during the holidays, ISPs provide critical services that power internet phone services, online gaming, and media streaming, which make them an attractive target for attackers."