Microsoft mitigates its largest DDoS attack ever on Azure

Microsoft says it was able to mitigate a 2.4Tbps Distributed Denial-of-Service (DDoS) attack in August. The attack targeted an Azure customer in Europe and was 140 percent higher than the highest attack bandwidth volume Microsoft recorded in 2020. It also exceeds the peak traffic volume of 2.3Tbps directed at Amazon Web Services last year, though it was a smaller attack than the 2.54Tbps one Google mitigated in 2017.

Microsoft says the attack lasted more than 10 minutes, with short-lived bursts of traffic that peaked at 2.4Tbps, 0.55Tbps, and finally 1.7Tbps. DDoS attacks are typically used to force websites or services offline, thanks to a flood of traffic that a web host can’t handle. They’re usually performed through a botnet, a network of machines that have been compromised using malware or malicious software to control them remotely. Azure was able to stay online throughout the attack, thanks to its ability to absorb tens of terabits of DDoS attacks.

The attack on Azure lasted more than 10 minutes. Image: Microsoft

“The attack traffic originated from approximately 70,000 sources and from multiple countries in the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as from the United States,” explains Amir Dahan, a senior program manager for Microsoft’s Azure networking team.

While the number of DDoS attacks have increased in 2021 on Azure, the maximum attack throughput had declined to 625Mbps before this 2.4Tbps attack in the last week of August. Microsoft doesn’t name the Azure customer in Europe that was targeted, but such attacks can also be used as cover for secondary attacks that attempt to spread malware and infiltrate company systems.

The attack is one of the biggest in recent memory. Last year, Google detailed a 2.54Tbps DDoS attack it mitigated in 2017, and Amazon Web Services (AWS) mitigated a 2.3Tbps attack. In 2018, NetScout Arbor fended off a 1.7Tbps attack. The Verge