Microsoft said it mitigated a 2.4 Tbps DDoS attack
Image: Microsoft
Catalin Cimpanu October 11, 2021

Microsoft said it mitigated a 2.4 Tbps DDoS attack

Catalin Cimpanu

October 11, 2021

Microsoft said it mitigated a 2.4 Tbps DDoS attack

Microsoft said its Azure cloud service mitigated a 2.4 terabits per second (Tbps) distributed denial of service attack this year, at the end of August, representing the largest DDoS attack the company faced to date, and the second-largest DDoS attack ever recorded.

Amir Dahan, Senior Program Manager for Azure Networking, said the attack was carried out using a botnet of approximately 70,000 bots primarily located across the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as the United States.

Dahan identified the target of the attack only as “an Azure customer in Europe.”

The Microsoft exec said the record-breaking DDoS attack came in three short waves, in the span of ten minutes, with the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps.

Dahan said Microsoft successfully mitigated the attack without Azure going down.

Prior to Microsoft’s disclosure today, the record for the largest DDoS attack ever recorded was a 2.54 Gbps attack fended off by Google in September 2017. Amazon also recorded a giant 2.3 Tbps attack in February 2020.

Dahan said the largest DDoS attack that hit Azure prior to the August attack was a 1 Tbps attack the company saw in Q3 2020, while this year, Azure didn’t see a DDoS attack over 625 Mbps all year.

Record for largest volumetric DDoS attack broken days later too

Just days after Microsoft mitigated this attack, a botnet called Meris broke another DDoS record — the record for the largest volumetric DDoS attack. 

According to Qrator Labs, the operators of the Meris botnet launched a DDoS attack of 21.8 million requests per second (RPS) in early September. Sources told The Record last month that the attack targeted a Russian bank that was hosting its e-banking portal on Yandex Cloud servers.

Security firm Rostelecom-Solar sinkholed around a quarter of the Meris botnet later that month.

It is unclear if the Meris botnet was behind the attack detected and mitigated by Microsoft in August. An Azure spokesperson did not return a request for comment.

Article updated to add that the attack on Azure represents the second-largest ever.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.