Business as usual for Azure customers despite 2.4 Tbps DDoS attack


Written by Senior Program Manager, Azure Networking

This blog post was co-authored by Alethea Toh, Program Manager, and Syed Pasha, Principal Network Engineer, Azure Networking.

In early August, we shared Azure’s Distributed Denial-of-Service (DDoS) attack trends for the first half of 2021. We reported a 25 percent increase in the number of attacks compared to Q4 of 2020, albeit a decline in maximum attack throughput, from one terabit per second (Tbps) in Q3 of 2020 to 625 Mbps in the first half of 2021.

In the last week of August, we observed a 2.4 Tbps DDoS attack targeting an Azure customer in Europe. This is 140 percent higher than 2020’s 1 Tbps attack and higher than any network volumetric event previously detected on Azure.

Figure 1—maximum attack bandwidth (terabit per second) in 2020 vs. August 2021 attack.

The attack traffic originated from approximately 70,000 sources and from multiple countries in the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as from the United States. The attack vector was a UDP reflection spanning more than 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes. In total, we monitored three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps.

Figure 2—attack lifespan and progress.
