Microsoft, like many other companies, has recorded an increase in the number and size of Distributed Denial of Service (DDoS) attacks on corporate customers. It was the company’s biggest attack to date, Happened in the last week of August this year.
At the time, the European Azure client was the target of a DDoS attack that sent about 70,000 computers in several countries, including Malaysia, Taiwan, Japan, China, and the United States, sending network traffic at speeds of up to 2.4 Tbps to the Azure client infrastructure – Sky.
Reflection attacks
It was a User Datagram Protocol (UDP) based attack attack that consisted of short bursts. The attack ended after just over ten minutes.
Boost/Reflection Attack
DDoS attacks that take advantage of varying volumes of requests and responses from publicly available servers.
One or more attacker requests that contain a false sender address (IP address) are sent by one or more devices to a chain of open servers that provide an appropriate service. Instead of sending the responses back to the devices the requests came from, all servers will then send the responses back to the computer or network that already has an IP address matching the fake sender address provided in the requests.
The resources behind this IP address are the target of the attack.
Since the responses received from the servers are so large and so many, they will collectively be able to load the computer or network with the relevant IP address, so that it does not have time to respond to common requests.
Microsoft did not mention the exact date of the attack nor the target customer. However, it is reported that the attack occurred mainly between 14:30 and 14:42 that afternoon.
Although this is the biggest attack on the Microsoft Azure infrastructure, it shouldn’t be noticeable to customers. Microsoft states that the company’s DDoS protection platform is capable of absorbing attacks on tens of terabits of data per second.
Although this attack is the largest that has affected Microsoft Azure, it is not the largest that has been discovered. Already in 2017, Google’s infrastructure was attacked by 2.5 terabytes per second, but the company did not tell about this until 2020.
In the first quarter of 2020 Amazon Web Services affected DDoS attack up to 2.3 terabytes per second.
There may be other DDoS attacks that are not known to the public.
It is not the only measure
Moreover, the data rate per second is not the only way to measure the size of a DDoS attack.
Other forms of attack may consist of relatively small amounts of data, but the number of network packets or requests sent per second is large enough that the infrastructure targeting the attack can only handle a small portion of the requests – if the systems aren’t overburdened.
The vast majority of legitimate queries will almost drown out the crowd and eventually emerge hours, if the infrastructure is not protected against such attacks.
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”