Akamai mitigates record-setting DDoS attack
Akamai has mitigated what it believes to be a world record-setting DDoS attack against a large European bank in a concerning sign of an escalation of the DDoS threat landscape.
The attack was the largest ever recorded on the Akamai platform, generating 809 million packets per second. This was well over double the previous high water mark recorded on the Akamai platform.
The attack also came just one week after Akamai announced another huge DDoS attack against a US hosting service provider.
Analysis of the attack, meanwhile, indicates it was optimised to overwhelm DDoS mitigation systems via high packets-per-second (PPS) load, with each packet carrying a payload of just one byte.
Such PPS-focused attacks are far less common than those that aim to overwhelm inbound internet pipelines with high bits-per-second (bps) volume.
Furthermore, these packets came from a vast number of IP addresses, with Akamai recording up to 600 times the number of source IPs per minute compared to usual traffic to the targeted customer.
Even more concerningly, the vast majority (96.2%) of these IPs have not been recorded in prior attacks this year, indicating an emerging botnet. Akamai said it tracks hundreds of thousands of source IPs leveraged in DDoS attacks to date.
Another notable aspect of the attack was the speed at which it reached its peak. The attack grew from normal traffic levels to 418 Gbps in seconds, before reaching its peak size of 809 Mpps in a mere two minutes. The entire attack lasted just under 10 minutes.
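An added example (not from Akamai or the original article) of how a defender might flag the traffic profile described above from per-minute flow summaries: a packet-rate surge made of tiny packets from a sharply larger set of sources, plus the share of those sources absent from a list of previously seen attack IPs. The `MinuteSummary` type, the `assess` function, the thresholds and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MinuteSummary:
    packets: int        # packets received in the minute
    l3_bytes: int       # total IP-layer bytes in the minute
    sources: frozenset  # distinct source IPs seen in the minute

def assess(cur, baseline, known_attack_ips, pps_x=10.0, src_x=50.0,
           small_bytes=80.0, novel_frac=0.9):
    """Score one minute against a baseline minute (thresholds are assumed values)."""
    avg_size = cur.l3_bytes / cur.packets if cur.packets else 0.0
    src_growth = len(cur.sources) / max(len(baseline.sources), 1)
    novel = len(cur.sources - known_attack_ips) / max(len(cur.sources), 1)
    pps_surge = cur.packets >= pps_x * baseline.packets
    # A PPS-optimised flood pairs the packet surge with tiny packets and a jump
    # in distinct sources; a bandwidth (bps) flood surges with large packets.
    pps_flood = pps_surge and avg_size <= small_bytes and src_growth >= src_x
    return {
        "pps": cur.packets / 60,
        "gbps": cur.l3_bytes * 8 / 60 / 1e9,
        "avg_size": avg_size,
        "src_growth": src_growth,
        "novel": novel,
        "pps_flood": pps_flood,
        # Mostly never-before-seen sources during a flood suggests a new botnet.
        "unseen_botnet_hint": pps_flood and novel >= novel_frac,
    }

def ips(n):
    """Constructed placeholder addresses in 10.0.0.0/8 (not real indicators)."""
    return frozenset(f"10.{i >> 16}.{(i >> 8) & 255}.{i & 255}" for i in range(n))

# Constructed sample minutes, scaled down from the figures in the article.
USUAL_SRC = frozenset(f"198.51.100.{i}" for i in range(100))
BASELINE = MinuteSummary(600_000, 600_000 * 700, USUAL_SRC)
ATTACK = MinuteSummary(480_000_000, 480_000_000 * 30, ips(60_000))
BULK = MinuteSummary(12_000_000, 12_000_000 * 1400, USUAL_SRC)  # big-packet surge
KNOWN = ips(2_280)  # sources already on a prior-attack list (constructed)

if __name__ == "__main__":
    for name, minute in (("attack", ATTACK), ("bulk", BULK), ("baseline", BASELINE)):
        print(name, assess(minute, BASELINE, KNOWN))
```

The constructed attack minute trips the detector with 600 times the baseline source count and 96.2% unseen sources, while the large-packet surge does not, which is why packet rate and average packet size need to be tracked alongside bandwidth.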
Akamai said the attack demonstrates that large, sophisticated DDoS attacks are still a significant attack vector in 2020.
In addition, while financial services is a frequently targeted industry vertical in DDoS attacks, the fact that last week's attack was against a hosting provider demonstrates that companies in all industries are vulnerable to large DDoS attacks. Other frequent targets are gaming, media and business services companies.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.