Earlier this month, Akamai Technologies quelled the largest distributed denial of service (DDoS) attack in European history, saving an Eastern European company from more than 30 days of continuous damage .
Akamai, a provider of cybersecurity and cloud services, said the peak of the attack came on July 21, with a peak of 659.6 million packets per second (Mpps) and 853.7 gigabits per second (Gbps) in 14 hours .
In a blog post, Craig Sparling, product manager for Akamai’s cloud security business unit, wrote: “The attack targets a large number of customer IP addresses and is the largest global lateral attack ever thwarted on Akamai’s Prolexic platform.”
Sparling did not name the attacked company, but said it was an Akamai customer in Eastern Europe. Over a 30-day period, the customer was attacked 75 times through various means. The User Datagram Protocol (UDP) was the most commonly used route in this DDoS attack, with UDP attacks at record peaks.
Other attack methods include: UDP Fragmentation, ICMP Flood, RESET Flood, SYN Flood, TCP Exception, TCP Fragmentation, PSH ACK Flood, FIN Flood, and PUSH Flood. Data cleaning systems are able to remove most dangerous traffic.
Traffic from the DDoS attack suggests that the cybercriminal gang “used a sophisticated global botnet of compromised devices to orchestrate the campaign,” Sparling wrote. “None of the data cleaning centers in the entire attack handled more than 100Gbps of attack.”
The Prolexic platform includes 20 high-capacity data cleaning centers around the world, which are located around the world to handle DDoS attacks and protect victims nearby. During the attack, traffic flowed through the Akamai Anycast network to the nearest cleanup center, where the Akamai Security Operations Command Center applied various mitigation controls to thwart the attack.
The purpose of a DDoS attack is to flood the target business with traffic, making it impossible to conduct online business. Application-layer attacks can use botnets to initiate traffic floods that overwhelm networking software such as web servers, preventing them from processing legitimate requests. Network layer attacks typically target a system’s ability to process inbound network packets.
“The risk of distributed denial-of-service (DDoS) attacks has never been greater,” Sparling wrote. “In the past few years, businesses have faced a deluge of DDoS ransomware, new threats, aggressive state-sponsored hacking, and threats Unprecedented innovation in the field. And attackers show no signs of slowing down.”
In April of this year, Kaspersky released a report saying that DDoS attacks hit a record high in the first quarter, a 46% increase from the previous quarter, and the number of targeted attacks even increased by 81%. The cybersecurity firm believes that the Russian-Ukrainian conflict may be one of the reasons for the growing scope of the DDoS threat.
Cloudflare thwarted a record HTTPS DDoS attack in April, and a much larger attack just two months later. The company also reported a 645 percent increase in DDoS attacks in the first quarter.
The continued evolution of DDoS attacks was reflected in cybersecurity incidents in April and June, according to Cloudflare researchers. Attackers used junk HTTPS requests to flood websites in both cases. Additionally, the June flood of network traffic originated from cloud service providers rather than residential ISPs, suggesting that attackers had to hijack virtual machines to amplify the attack, rather than hijacking simpler IoT devices and home gateways.
Earlier this month, Cloudflare said the June attack of 26 million requests per second (RPS) was the work of the Mantis botnet, which is an evolution of the Meris botnet. Meris attacked Russian tech giant Yandex in September 2021.
Last year, Microsoft twice reported mitigating the largest DDoS attacks ever, including a November 2021 attack on an Azure customer that peaked at 3.47 terabits per second (Tbps).
This successful defense against the attack illustrates the importance of cloud security and data protection. If there is no data disaster recovery, then this news will be another cyber attack. Enterprises and individuals can use different ways to protect data, such as the more popular virtual machine backup, including RHV backup, VMware Backup, Hyper-V backup, and so on.