Posted on January 29, 2022 at 5:30 PM
Microsoft released a report saying that Azure recorded the highest level of distributed denial-of-service (DDoS) attacks during the second half of 2021. The company noted that DDoS attacks were being launched at a significantly high rate during the period.
A blog post from Azure noted that the gaming sector was the worst affected, following a series of DDoS attacks against companies such as Blizzard games.
A rise in DDoS attacks
The blog post talks about several DDoS attacks that have happened over the past year. One of these plagued some of the leading voice over IP (VoIP) service providers, such as Bandwidth and VoIP Unlimited. These attacks disrupted the operations of these providers and affected a multitude of users who rely on these services.
India was also a victim of DDoS attacks in October. The attacks targeted several broadband providers and affected many users, given that the month is a festive season in the country. This presented an ideal opportunity for threat actors to launch their operations.
Azure added that launching DDoS attacks was an easy venture. “As we highlighted in the 2021 Microsoft Digital Defense Report, the availability of DDoS for-hire services as well as the cheap costs – at only approximately $300 USD per month – make it extremely easy for anyone to conduct targeted DDoS attacks.”
However, despite the rise in DDoS attacks in 2021, Microsoft’s Azure managed to mitigate some of the largest DDoS attacks. The blog post noted that the attacks mitigated by Azure were some of the largest in history.
“Microsoft mitigated an average of 1955 attacks per day, a 40 percent increase from the first half of 2021. The maximum number of attacks in a day recorded was 4296 attacks on August 10, 2021. In total, we mitigated upwards of 359,713 unique attacks against our global infrastructure during the second half of 2021, a 43 percent increase from the first half of 2021,” the blog post added.
While August had recorded an increase in the number of attacks, the number of attacks recorded during the end-of-year holiday season was much lower than in previous years. The increased number of attacks in Q4 as compared to Q3 showed that cybercriminals were changing their attack patterns, as they were no longer in the habitual pattern of launching attacks during the holiday season.
The changing pattern has highlighted that threat actors use whatever possible loopholes to launch attacks. Hence, the data has shown that individuals and organizations need to have a strong cybersecurity system in place all year long, and not just when the number of attacks is expected to be significantly high.
Attacks increasing in magnitude and duration
In October 2021, Microsoft reported a 2.4 terabit per second (Tbps) attack that had been mitigated successfully. Additionally, three other larger attacks have also been mitigated. Another major attack was stopped in November with a throughput of 3.47 Tbps. The attack also had a packet rate of 340 million packets per second (pps). This attack targeted an Azure customer based in Asia. According to the company, this was the “largest attack ever reported in history.”
The platform gave additional details on this major attack, saying, “attack vectors were UDP reflection on port 80 using Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP) comprising one single peak, and the overall attack lasted approximately 15 minutes.”
The other two attacks that surpassed 2.5 Tbps were also mitigated. Both attacks were based in Asia. One was a 3.25 Tbps UDP attack on ports 80 and 443 that lasted for over 15 minutes. The second was a 2.54 Tbps UDP flood on port 443 that lasted for around five minutes.
Additionally, the duration of the attacks was also shifting. During the first half of 2021, the majority of attacks were short-lived. However, this changed during the second half of 2021, when the proportion of attacks lasting more than 30 minutes increased. Azure noted that it saw attacks that lasted for more than one hour. It also added that the attacks were prevalent.
“It’s important to note that for longer attacks, each attack is typically experienced by customers as a sequence of multiple short, repeated burst attacks. One such example would be the 3.25 Tbps attack mitigated, which was the aggregation of four consecutive short-lived bursts that each ramped up in seconds to terabit volumes,” Microsoft Azure said.
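The following added example, which is not from Microsoft's report or from this article, shows how a defender could tag the reflection vectors named above by UDP source port in flow records and count the short bursts that make up one attack. The flow records, their field layout, and the two gap thresholds are constructed assumptions.

```python
from collections import defaultdict

# Reflected replies arrive FROM the abused service's well-known UDP port.
REFLECTOR_PORTS = {1900: "SSDP", 389: "CLDAP", 53: "DNS", 123: "NTP"}

# Constructed flow records: (epoch_s, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    (0, 1900, "203.0.113.10", 80, "udp", 9_000_000),
    (2, 389, "203.0.113.10", 80, "udp", 7_000_000),
    (3, 53, "203.0.113.10", 80, "udp", 5_000_000),
    (40, 123, "203.0.113.10", 80, "udp", 8_000_000),
    (41, 1900, "203.0.113.10", 80, "udp", 6_000_000),
    (45, 51515, "203.0.113.10", 80, "tcp", 4_000),  # ordinary web traffic
    (400, 123, "203.0.113.10", 80, "udp", 3_000_000),
]


def classify(flow):
    """Name the likely reflection vector, or None. Source port alone is a
    heuristic: legitimate DNS or NTP replies match too, so pair it with volume."""
    _, src_port, _, _, proto, _ = flow
    return REFLECTOR_PORTS.get(src_port) if proto == "udp" else None


def group_attacks(flows, burst_gap=10, attack_gap=120):
    """Group reflected flows per target into attacks made of bursts.
    burst_gap and attack_gap (seconds) are assumed thresholds, not Azure's."""
    per_target = defaultdict(list)
    for flow in sorted(flows):
        if classify(flow):
            per_target[flow[2]].append(flow)
    attacks = []
    for target, target_flows in per_target.items():
        current = None
        for flow in target_flows:
            ts, size = flow[0], flow[5]
            if current is None or ts - current["end"] > attack_gap:
                current = {"target": target, "start": ts, "end": ts,
                           "bursts": 1, "bytes": 0, "vectors": set()}
                attacks.append(current)
            elif ts - current["end"] > burst_gap:
                current["bursts"] += 1  # quiet period, then traffic resumes
            current["end"] = ts
            current["bytes"] += size
            current["vectors"].add(classify(flow))
    return attacks


if __name__ == "__main__":
    for attack in group_attacks(SAMPLE_FLOWS):
        print(attack)
```

On the sample data the first five UDP flows collapse into one attack of two bursts that uses all four vectors, while the late NTP flow is reported as a separate attack.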