Background

Microsoft Claimed To Have Mitigated A Massive 3.47 Tbps DDoS Attack

25/01/2022

DDoS stands for Distributed Denial-of-Service. As the name implies, it's a DoS (Denial of Service) attack that originates from multiple sources simultaneously.

DDoS is often used to hit a targeted system with a barrage of fake traffic. The goal is to overwhelm the target's resources and cripple it, so that it can no longer receive legitimate traffic from its intended users.

Usually, a DDoS attack results in the target going offline.

As malicious actors gain access to an increasing number of hosts and bots, they control a bigger pool of resources from which to launch their attacks. As a result, DDoS attacks keep getting larger.

This time, Microsoft said that its Azure DDoS protection platform managed to mitigate a massive 3.47 terabits per second (Tbps) DDoS attack targeting one of its Azure customers in Asia in November.

DDoS
(Credit: Microsoft)

According to Alethea Toh, an Azure Networking Product Manager:

"In November, Microsoft mitigated a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), targeting an Azure customer in Asia. We believe this to be the largest attack ever reported in history."

"This was a distributed attack originating from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan."

The attack reportedly used multiple vectors: UDP reflection on port 80 using Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP).

Together these made up a single peak, with the overall attack lasting approximately 15 minutes.

At the time, the 3.47 Tbps attack was the largest Microsoft had faced, and also the largest ever recorded.

Previously, the company reported that it had mitigated another record attack, at 2.4 Tbps, targeting a European Azure customer in late August.

Microsoft saw a rise in attacks that lasted longer than an hour in the second half of 2021.

These more prolonged DDoS attacks usually came as short-lived, repeated bursts that ramped up to terabit volumes in just seconds.

According to Microsoft's report, August 10 was its busiest day of 2021 in mitigating DDoS attacks, with the company seeing 4,296 attacks.

Microsoft also saw a decrease in attacks during the holiday season compared with the year before.

"No longer is holiday season the proverbial DDoS season! This highlights the importance of DDoS protection all year round, and not just during peak traffic seasons," the company said.

Microsoft mitigated an average of 1,955 attacks per day, the report further said, representing a 40% increase from the first half of 2021.

DDoS
(Credit: Microsoft)

"Gaming continues to be the hardest hit industry. The gaming industry has always been rife with DDoS attacks because players often go to great lengths to win," Toh added.

"The concentration of attacks in Asia can be largely explained by the huge gaming footprint, especially in China, Japan, South Korea, Hong Kong, and India, which will continue to grow as the increasing smartphone penetration drives the popularity of mobile gaming in Asia."

"We observed a new TCP option manipulation technique used by attackers to dump large payloads, whereby in this attack variation, the TCP option length is longer than the option header itself," Toh added.
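The TCP option anomaly Toh describes is the kind of malformation a filter or sensor can catch by walking the options area of each TCP header. The following is an added example, not code from Microsoft or from the original article; it assumes the quote refers to an option whose declared length runs past the space the header reserves for options, and the function names and sample segments are constructed for illustration.

```python
import struct

# Option kinds that carry no length byte: End of Option List and No-Operation.
EOL, NOP = 0, 1

def check_tcp_options(segment: bytes) -> list:
    """Return a list of anomalies found in the options area of a raw TCP segment."""
    if len(segment) < 20:
        return ["segment shorter than the fixed 20-byte TCP header"]
    data_offset = (segment[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        return [f"invalid data offset {data_offset}"]
    opts = segment[20:data_offset]            # bytes reserved for options
    problems, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:
            break
        if kind == NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            problems.append(f"option kind {kind} has no length byte")
            break
        length = opts[i + 1]
        if length < 2:
            problems.append(f"option kind {kind} declares length {length} (< 2)")
            break
        if i + length > len(opts):
            problems.append(
                f"option kind {kind} declares length {length} but only "
                f"{len(opts) - i} bytes remain in the header")
            break
        i += length
    return problems

def build_segment(options: bytes, payload: bytes = b"") -> bytes:
    """Constructed sample: a SYN segment with the given options, padded to 4 bytes."""
    options += b"\x00" * (-len(options) % 4)
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x002   # data offset + SYN
    header = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, offset_flags, 65535, 0, 0)
    return header + options + payload

# Constructed samples: a normal MSS option, and one whose length byte overruns the header.
GOOD = build_segment(bytes([2, 4, 0x05, 0xB4]))
BAD = build_segment(bytes([2, 200, 0x05, 0xB4]), payload=b"A" * 512)
```

A segment that returns a non-empty list is malformed regardless of its payload, so it can be dropped or counted before any further processing.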

Other DDoS records reported included the 2 Tbps DDoS attack mitigated by Cloudflare, and the 2.3 Tbps DDoS attack that sent 21.8 million requests per second hitting the Russian internet giant Yandex.