On Monday, September 12, 2022, Akamai mitigated the largest DDoS attack ever that hit one of its European customers. The malicious traffic peaked at 704.8 Mpps and appears to originate from the same threat actor behind the previous record that Akamai blocked in July and that hit the same customer.
The following table compared the two massive DDoS attacks, it is possible to verify that while in July the number of cumulative attacks was 75, in September it jumped up to 201.
July Attack | September Attack | |
Peak pps | 659.6 Mpps | 704.8 Mpps |
Cumulative Attacks | 75 | 201 |
IPs Targeted | 512 | 1813 |
Vector | UDP | UDP |
Distribution | 1 location | 6 locations |
Date of Attack | July 21, 2022 | September 12, 2022 |
Top Scrubbing Locations | HKG, LON, TYO | HKG, TYO, LON |
Unlike the July attack, this time the attackers launched the attack against six data center locations from Europe to North America.
“On Monday, September 12, 2022, Akamai successfully detected and mitigated the now-largest DDoS attack ever launched against a European customer on the Prolexic platform, with attack traffic abruptly spiking to 704.8 Mpps in an aggressive attempt to cripple the organization’s business operations.” reads the analysis published by Akamai. “The attackers’ command and control system had no delay in activating the multidestination attack, which escalated in 60 seconds from 100 to 1,813 IPs active per minute. Those IPs were spread across eight distinct subnets in six distinct locations.”
Akamai applauded the approach adopted by its customer to mitigate DDoS attacks, after the July attack it had secured all of its 12 data centers.
“Having a proven DDoS mitigation strategy and platform in place is imperative for shielding your business from downtime and disruption” concludes the security firm.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Google addressed a Chrome's Password Manager bug that caused user credentials to disappear temporarily for…
The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS…
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks.…
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report…
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization…
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers…
This website uses cookies.