Microsoft Corp. today revealed that it mitigated a 2.4-terabytes-per-second distributed denial-of-service attack that targeted an Azure customer, the largest DDoS attack ever recorded.

The attack originated from about 70,000 sources from countries in the Asia-Pacific region such as Malaysia, Vietnam, Japan and China (including Taiwan), as well as from the U.S. The attack vector was a so-called user datagram protocol reflection spanning more than 10 minutes with very short-lived bursts, ramping up in seconds to terabit volumes.

The three DDoS peaks registered at 2.4 Tbps, 0.55 Tbps and 1.7 Tbps. The previous record for DDoS traffic was 2.3 Tbps recorded in an attack on Amazon Web Services Inc. in February 2020. Microsoft’s previous highest DDoS attack targeting Azure was 1.6 Tbps.

In a blog post, Amir Dahan, senior program manager at Azure Networking, said the attack demonstrates the ability of bad actors to wreak havoc by flooding targets with gigantic traffic volumes to choke network capacity.

“However, Azure’s DDoS protection platform, built on distributed DDoS detection and mitigation pipelines, can absorb tens of terabits of DDoS attacks,” Dahan noted. “This aggregated distributed mitigation capacity can massively scale to absorb the highest volume of DDoS threats, providing our customers the protection they need.”

The name of the targeted Azure customer was not disclosed and described only as based in Europe.

“This is a great example of the security advantages offered by public cloud providers,” Ilia Kolochenko, founder of application penetration-testing company ImmuniWeb SA and a member of Europol Data Protection Experts Network, told SiliconANGLE. “Virtually no on-premises infrastructure would resist such annihilating DDoS, even if protected by a cloud-based anti-DDoS solution.”

The leading cloud vendors, notably AWS and Azure, offer probably the most comprehensive and efficient DDoS protection, Kolochenko added. “All premium features are quite costly, however, they offer amazing value for money compared to other solutions.”

The news of the attack comes after Microsoft revealed in August that DDoS attacks per day targeting Azure in the first half of the year had increased by 25%. Microsoft mitigated an average of 1,392 attacks per day, the maximum reaching 2,043 attacks on May 24.

Image: Wikimedia Commons