Microsoft reveals massive DDoS attack in November 2021: Peak traffic up to 3.47Tbps

DDoS attack report

Microsoft Azure recently released the platform’s DDoS attack report for Q3 and Q4 of 2021. The report shows that in November 2021, an Azure customer in Asia was hit by a large-scale DDoS attack. The attack lasted for 15 minutes and the peak traffic was as high as 3.47Tbps. Thanks to Microsoft’s immediate response, the attack was quickly defused.

This is also believed to be the highest-traffic DDoS attack so far. The attack came from more than 10,000 sources spread across countries and regions around the world, including China, the United States, Russia, Thailand, and India. The packet rate was as high as 340 million packets per second. The attack vector was UDP reflection on port 80 using Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP), comprising one single peak, and the overall attack lasted approximately 15 minutes.
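The reflection pattern described above can be spotted in flow records: UDP packets arriving at port 80 whose source port is one of the four reflector services. The following Python sketch is an added example, not code from Microsoft or the report; the flow records are constructed, and the function names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Well-known UDP source ports of the four reflector protocols named above.
REFLECTOR_PORTS = {1900: "SSDP", 389: "CLDAP", 53: "DNS", 123: "NTP"}

# Constructed flow records for one 10-second window (documentation addresses,
# not real telemetry): (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.10", 1900, "203.0.113.5", 80, "udp", 40000, 12_000_000),
    ("198.51.100.11", 389, "203.0.113.5", 80, "udp", 30000, 45_000_000),
    ("198.51.100.12", 53, "203.0.113.5", 80, "udp", 20000, 26_000_000),
    ("198.51.100.13", 123, "203.0.113.5", 80, "udp", 10000, 4_600_000),
    ("192.0.2.53", 53, "203.0.113.9", 53124, "udp", 2, 300),    # normal DNS reply
    ("192.0.2.77", 50112, "203.0.113.5", 80, "tcp", 12, 9000),  # normal web request
]

def summarize_reflection(flows, victim_port=80):
    """Aggregate UDP flows sent from a reflector service port to victim_port."""
    per_dst = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0,
                                   "protocols": defaultdict(int)})
    for src, sport, dst, dport, proto, packets, nbytes in flows:
        service = REFLECTOR_PORTS.get(sport)
        if proto != "udp" or dport != victim_port or service is None:
            continue
        entry = per_dst[dst]
        entry["sources"].add(src)
        entry["packets"] += packets
        entry["bytes"] += nbytes
        entry["protocols"][service] += nbytes
    return per_dst

def flag_victims(flows, window_seconds, min_sources=3, min_pps=1000):
    """Return {dst: report} for destinations exceeding both (assumed) thresholds."""
    flagged = {}
    for dst, e in summarize_reflection(flows).items():
        pps = e["packets"] / window_seconds
        if len(e["sources"]) >= min_sources and pps >= min_pps:
            flagged[dst] = {
                "sources": len(e["sources"]),
                "pps": pps,
                "gbps": e["bytes"] * 8 / window_seconds / 1e9,
                # Reflector protocols ordered by byte contribution, largest first.
                "protocols": sorted(e["protocols"], key=e["protocols"].get,
                                    reverse=True),
            }
    return flagged

if __name__ == "__main__":
    for dst, report in flag_victims(SAMPLE_FLOWS, window_seconds=10).items():
        print(dst, report)
```

The ordinary DNS reply to an ephemeral port and the TCP web request are ignored; only UDP traffic from reflector ports to port 80 counts toward the thresholds.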

It is worth noting that in Q4, Microsoft’s cloud computing customers suffered large-scale DDoS attacks one after another. The earliest large-scale attack was in October, with peak traffic as high as 2.47Tbps; in November the peak traffic was 3.47Tbps; and in December there were two attacks over 2.5Tbps, both of which also occurred in Asia, one of them peaking at 3.25Tbps.

Microsoft Azure uses distributed DDoS detection and mitigation channels to absorb attack traffic. At the same time, the edge nodes drop abnormal traffic directly, without passing it on to the customer’s servers, so the final impact on the customer’s servers is relatively limited.

In terms of customer industries, game companies are the main targets. Hackers prefer UDP flood attacks because game players cannot stand a server that freezes. By attacking a game company, hackers can therefore easily affect its players, damaging the game’s reputation and causing a loss of players.

Microsoft said that while the gaming industry remains the hardest hit, it also observed an increase in attacks on financial institutions, media, ISPs, retail, and supply chain companies. Especially during holidays, the network services provided by ISPs are key infrastructure for people’s online lives, and an attack on them has a serious impact.

In terms of software, current variants of the Mirai IoT worm are still the biggest source of attacks. Hackers infect a large number of IoT devices with Mirai to form a botnet, which they can then use to launch DDoS attacks that paralyze target customers when needed.