Microsoft Under 2.4Tbps DDoS Attack - Second Largest on Record
Reading Time: 2 minutes

Microsoft under 2.4Tbps DDos Attack, second largest on record since August. The attack takes down Microsoft customer’s internet services

According to Microsoft it encountered a 2.4Tbps attack, it targeted Microsoft Azure customer base in Europe. Earlier Google fended off a similar 2.5 Tbps attack in 2017.

DDoS attacks are carried out by hackers to bring down a website or internet service. Usually, they bombard the system with a flood of data traffic, by harnessing botnets, or armies of malware-infected computers, to generate the traffic.

In the current attacks hackers used around 70,000 sources based in countries across Asia and the US. It is still not clear if the hackers used a botnet, though the UDP protocol was exploited, known as a “reflection attack” to amplify the data traffic to 2.4Tbps.

In a blog post, Microsoft said, “In total, we monitored three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps.” While the attack lasted for 10 minutes and occurred in waves.

Microsoft further added, “Attacks of this size demonstrate the ability of bad actors to wreak havoc by flooding targets with gigantic traffic volumes trying to choke network capacity. However, Azure’s DDoS protection platform, built on distributed DDoS detection and mitigation pipelines, can absorb tens of terabits of DDoS attacks. This aggregated distributed mitigation capacity can massively scale to absorb the highest volume of DDoS threats, providing our customers the protection they need.”

Earlier like Microsoft, Amazon also managed to fend off a DDoS attack in 2020. The hacker managed to exploit hijacked Connection-Less Lightweight Directory Access Protocol (CLDAP) servers to send a flood of traffic to an Amazon AWS customer.

With the threat of DDoS attacks lurking around many internet companies are offering DDoS protection capabilities with their cloud internet services. Cloudflare and Yandex witnessed massive DDoS attacks in the past, in this case, the hackers exploited HTTP browser-based requests, so the incidents were measured differently.

In the case of Cloudflare, it reached 17.2 million requests per second while the assault on Yandex peaked at nearly 22 million rps. Both the companies claimed to have fended off the attacks successfully.

Related Articles:

GitHub Revoked Weak SSH Authentication Keys Generated by a Popular Git Client
Canopy Parental Control App Vulnerable to Unpatched XSS Bugs
New Bloodystealer Trojan Steals User Accounts On Popular Online Video Game Distribution Services