Pierluigi Paganini October 12, 2021

Microsoft Azure cloud service mitigated a massive DDoS attack of 2.4 terabytes per second (Tbps) at the end of August, it is the largest DDoS attack to date.

Microsoft announced that its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) DDoS attack at the end of August, it represents the largest DDoS attack recorded to date. The attack was aimed at an Azure customer in Europe, but Microsoft did not disclose the name of the victim. This is the largest DDoS attack that hit Azure customers prior to August 2020 when experts observed a 1 Tbps attack.

According to Microsoft experts, the attack was launched through a botnet composed of approximately 70,000 devices. Most of the compromised devices were located in the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as the United States.

“The last week of August, we observed a 2.4 Tbps DDoS attack targeting an Azure customer in Europe. This is 140 percent higher than 2020’s 1 Tbps attack and higher than any network volumetric event previously detected on Azure.” reads the post published by Microsoft. “The attack vector was a UDP reflection spanning more than 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes. In total, we monitored three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps.”

Experts reported that the attack vector was a UDP reflection spanning more than 10 minutes with very short-lived bursts, Microsoft observed three main peaks, respectively at 2.4 Tbps, tat 0.55 Tbps, and 1.7 Tbps.

The good news is that Microsoft successfully mitigated the attack.

In the same period, the Russian Internet giant Yandex was hit by another massive DDoS attack, the largest one in the history of Runet, the Russian Internet designed to be independent of the world wide web and ensure the resilience of the country to an internet shutdown. The record magnitude of the massive DDoS attack was also confirmed by the US company Cloudflare, which specializes in the protection against such kinds of attacks. Curiously Yandex in partnership with third-party security firms provides its customers a DDoS protection.

The attack peaked at the unprecedented rate of 21.8 million requests per second.

Alexander Lyamin, CEO of Qrator Labs, a Yandex partner that provides DDoS protection, revealed that the DDoS attack was launched by a new DDoS botnet, tracked as Mēris (Latvian word for ‘plague’).

According to a joint investigation conducted by Yandex and Qrator Labs, the Mēris botnet is composed of approximately more than 200,000 devices.

Microsoft experts did not provide info regarding the name of the botnet involved in the attack, it is unclear if the azure customers was hit by the Meris botnet.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, botnet)

[adrotate banner=”5″]

[adrotate banner=”13″]