A pedestrian moves past a Microsoft store in the Pitt Street shopping mall on Oct. 6, 2021, in Sydney, Australia. An Azure customer was struck with a 2.4 Tbps DDoS attack in August, according to Microsoft. (Photo by Lisa Maree Williams/Getty Images)

Microsoft on Monday reported an Azure customer in Europe was hit with a 2.4 terabits-per-second (Tbps) distributed denial of service (DDoS) attack in early August, making the summer attack even larger than the one detected by Amazon Web Services in Q1 2020. Microsoft reported no major networking issues from the attack, claiming that it was “business as usual” for its customers.

In a blog post, Microsoft said the attack was 140% higher than 2020’s 1-Tbps attack and higher than any network volumetric event previously detected on Azure.

The Microsoft team said the attack traffic originated from some 70,000 sources in multiple countries in Asia-Pacific, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as from the United States. The attack vector was a UDP reflection spanning more than 10 minutes with very short-lived bursts. In total, Microsoft observed three main peaks: the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps.

Although maybe not as eye-catching as other cyber threats, DDoS attacks remain a persistent malicious technique frequently used by various threat actors, said Stefano De Blasi, cyber threat intelligence analyst at Digital Shadows. De Blasi said DDoS attacks are commonly associated with technically unsophisticated attackers, but these events remind us that highly skilled adversaries can mount high-intensity operations that may result in severe consequences for their targets.

“Different motivations can lie behind a DDoS attack,” De Blasi said. “Cybercriminals typically conduct DDoS operations to temporarily disrupt a target's infrastructure or act as a decoy for more dangerous activity. However, attacks like the one reported by Microsoft are a powerful reminder that some DDoS attacks can have a significant impact standing on their own. In fact, companies affected by high-intensity DDoS attacks may experience a long-time interruption of business, which in turn may cause financial loss, brand or reputational damage, and influence customer trust.”

De Blasi added that the trend of DDoS attacks surpassing 2 Tbps suggests that cybercriminals are increasingly recognizing the potential of this offensive vector in their campaigns and are working hard to refine their tools. “Additionally, in the past two years, we have frequently observed attackers combining DDoS attacks with cyber extortion tactics, potentially offering a glimpse into how this cyber threat will look in the near future,” De Blasi said.

Bud Broomhead, CEO at Viakoo, explained that DDoS attacks are increasing in force and volume because of the vast number of vulnerable IoT devices that cybercriminals leverage to create botnets.

“IoT vulnerabilities need to be quickly remediated to eliminate the risk of them being used in cyberattacks,” Broomhead said.