Microsoft countered a giant DDoS attack on Azure
Microsoft’s Azure servers were hit by a distributed denial of service attack at an unprecedented 3.47 Tbps. The previous one, already very powerful, had reached around 2.4 Tbps.
DDoS attacks targeting hyperscalers are on the rise. After the one that hit AWS in 2020 (2.3 Tbps) and Microsoft in 2021 (2.4 Tbps), it was again the Redmond firm that was in the crosshairs of hackers. This time around, the intensity of the distributed denial of service attack has skyrocketed, with a record 3.47 Tbps. “In November, Microsoft mitigated a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second, targeting an Azure customer in Asia. We believe this is the largest attack ever reported in history,” Microsoft said.
Microsoft specifies that this attack emanated from more than 10,000 sources in several countries around the world, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia and Taiwan. The attack vector consisted of saturating traffic with UDP requests on port 80 using SSDP, CLDAP, NTP, and DNS protocols. Unlike previous attacks, this DDoS consisted of a single spike, lasting around 15 minutes.
Number of DDoS attacks (in thousands) targeting Microsoft in the second half of 2021. (credit: Microsoft)
A New TCP Manipulation Technique Observed
In the second half of 2021, Microsoft mitigated an average of 1,955 attacks per day, up more than 40% from the first half of 2021. The peak number of attacks per day recorded was 4,296 attacks on August 10, 2021. In the second half of last year alone, Microsoft reports having countered 359,713 unique attacks. “During the holiday season from October to December, we defended against new TCP PUSH-ACK flood attacks that were dominant in the East Asia region, including Hong Kong, South Korea and Japan,” Microsoft also explains. “We have observed a new TCP manipulation technique used by attackers to dump large payloads, whereby in this attack variant the length of the TCP option is longer than the header of the option itself.”
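A defender-side check for the option-length anomaly quoted above, added here as an illustration and not taken from Microsoft: it walks the options area of a raw TCP segment and reports any option whose length byte does not fit the space the header's data offset leaves for it. Reading the quote as "declared option length exceeds the options area" is an assumption, and the function names and sample segments are constructed for this example.

```python
import struct

PSH, ACK = 0x08, 0x10

def inspect_segment(segment: bytes) -> dict:
    """Check one raw TCP segment (header + payload) for option-length anomalies."""
    if len(segment) < 20:
        return {"push_ack": False, "findings": ["shorter than the 20-byte fixed header"]}
    off_flags = struct.unpack("!H", segment[12:14])[0]
    header_len = (off_flags >> 12) * 4          # data offset counts 32-bit words
    result = {"push_ack": (off_flags & (PSH | ACK)) == (PSH | ACK), "findings": []}
    if header_len < 20 or header_len > len(segment):
        result["findings"].append(f"data offset gives invalid header length {header_len}")
        return result
    options, i = segment[20:header_len], 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                           # End of Option List
            break
        if kind == 1:                           # No-Operation, single byte
            i += 1
            continue
        left = len(options) - i
        if left < 2:
            result["findings"].append(f"kind {kind}: length byte missing")
            break
        length = options[i + 1]                 # covers kind + length + data bytes
        if length < 2 or length > left:
            result["findings"].append(
                f"kind {kind}: declared length {length}, {left} bytes left in options area")
            break
        i += length
    return result

def build_segment(flags: int, options: bytes, payload: bytes = b"") -> bytes:
    """Constructed test input; ports, sequence numbers and window are arbitrary."""
    assert len(options) % 4 == 0, "options must fill whole 32-bit words"
    off_flags = (((20 + len(options)) // 4) << 12) | flags
    return struct.pack("!HHIIHHHH", 40000, 443, 1, 1, off_flags, 65535, 0, 0) + options + payload

# Constructed samples: MSS + NOP + window scale (well formed), then an MSS option
# whose length byte claims 40 bytes inside a 4-byte options area.
WELL_FORMED = build_segment(PSH | ACK, b"\x02\x04\x05\xb4\x01\x03\x03\x07", b"x" * 32)
MALFORMED = build_segment(PSH | ACK, b"\x02\x28\x05\xb4", b"x" * 1000)

if __name__ == "__main__":
    for name, seg in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(name, inspect_segment(seg))
```

Counting findings per source alongside the `push_ack` flag gives a simple signal for separating malformed PUSH-ACK traffic from ordinary data segments.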