Microsoft says it blocked the largest DDoS attack it's ever seen

DDoS Attack
(Image credit: Shutterstock)

Microsoft has revealed that last November, it mitigated a Distributed Denial of Service (DDoS) attack with a throughput of 3.47 Tbps, and a packet rate of 340 million packets per second (pps). That makes it, according to Microsoft, the largest DDoS attack reported - ever.

Roughly 10,000 endpoints participated in the attack, coming from various places in the world, from the United States, China, South Korea, Russia, to Thailand, India, Vietnam, Iran, Indonesia, and Taiwan. All of these are most likely consumer devices, such as laptops, routers, and smart gadgets, laden with malware and controlled from a remote server. 

The attack, targeting an unnamed Microsoft Azure customer in Asia, used multiple vectors for the attack: UDP reflection on port 80 using Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP). All of these comprised a single peak, with the overall attack lasting approximately 15 minutes. 

Busy August

In addition to this newly-dubbed “largest-ever” attack, Microsoft mitigated two more large-scale DDoS attacks against Azure targets in October 2021, both with a throughput of 2.4 terabits per second.

Microsoft mitigated an average of 1,955 attacks per day, the report further said, representing a 40% increase from the first half of 2021. 

August 10 was reportedly the busiest day of 2021 for criminals, with that day seeing 4,296 attacks recorded. In total, the company mitigated more than 350,000 unique attacks against its global infrastructure in H2 2021, 43% up from H1 2021.

Microsoft also spotted that this year’s holiday season wasn’t as busy as last year’s. There were more attacks in Q3 than in Q4, with the majority happening in August. This may indicate a shift towards attackers being active all throughout the year, the report says.

“No longer is holiday season the proverbial DDoS season! This highlights the importance of DDoS protection all year round, and not just during peak traffic seasons,” the company concluded. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.