Skip links

Microsoft thwarts record‑breaking DDoS attack

The attack, which clocked in at 2.4 Tbps, targeted an Azure customer based in Europe

Microsoft has revealed that it thwarted a Distributed Denial-of-Service (DDoS) attack that clocked in at a whopping 2.4 terabits per second (Tbps). The onslaught, which targeted an Azure customer in Europe, surpasses the previous record holder – a 2.3 Tbps attack that was mitigated by Amazon Web Services (AWS) last year. It also dwarfs the previously largest DDoS attack (1 Tbps) on Azure from 2020.

According to Microsoft, the latest attack originated from some 70,000 sources and from several countries in the Asia-Pacific region, including Malaysia, Vietnam, Taiwan Japan, and China, as well as from the United States.

“The attack vector was a UDP reflection spanning more than 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes. In total, we monitored three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps,” said Senior Program Manager at Azure Networking Amir Dahan in a blog post describing the incident.

“The pace of digital transformation has accelerated significantly during the COVID-19 pandemic, alongside the adoption of cloud services. Bad actors, now more than ever, continuously look for ways to take applications offline,” Dahan added.

Traditional DDoS attacks overwhelm a target with bogus web traffic that comes from a large number of devices that have been corralled into a botnet. The aim of the attack is to take the victim’s servers offline and denying access to their services. If the attackers utilize a reflection amplification attack, they can amplify the volume of malicious traffic while obscuring its sources.

Historically, DDoS attacks have been used as a smokescreen for other, even more damaging onslaughts, or as a means to demand massive ransom fees from the targeted companies. While the victims could stand to lose millions of dollars in revenue from the reputational damage combined with the cost of downtime caused by these attacks, there is no guarantee that the attackers would cease their onslaught even if the ransoms are paid.