DDoS Attack

Akamai announced on Thursday that it has mitigated a second denial-of – service (DDoS) distributed record setting attack since the beginning of June, one that peaked at 809 MPPS (million packets per second).

The company shared information earlier this month on mitigating a 1.44 TBPS (terabytes per second) DDoS attack that exceeded 385 MPPS at its height, but the more recent incident that occurred on June 21 was more than double the size of PPS.

The assault, which lasted just over 10 minutes, came within seconds to 418 GBPS, and in two minutes to 809 MPPS. On port 80 the attack vector was UDP.

Unlike large BPS assaults, mostly targeting capability, PPS-focused attacks aim primarily at exhausting network gear and/or applications within the data center or cloud environment.

Designed to overwhelm DDoS mitigation systems by a high PPS load, the attack involved the use of packets carrying 1 byte payloads (for a total packet size of 29 with IPv4 headers), says Akamai.

Another unique feature of the attack was the utilization of a large number of source IP addresses. The assault was widely distributed in nature, with the number of source IPs rising to over 600 times the number of source IPs per minute usually observed for the targeted client, a European bank, during the attack.

According to Akamai, who tracks hundreds of thousands of source IPs abused for DDoS, the vast majority of IPs used in the attack were not observed in previous incidents in 2020, suggesting an emerging DDoS-capable botnet was behind this operation.

“It was highly unusual that for the first time 96.2 per cent of source IPs were detected (or at least not monitored as part of attacks in recent history). […] In this case, the majority of source IPs could be identified via autonomous system (AS) lookups in large Internet service providers, indicating compromised end-user machines, “explains the company.

“Since the start of 2020, looking holistically at DDoS activity, it’s clear that massive, sophisticated DDoS attacks are still an important vector of attack,” Akamai says.

Amazon announced earlier this month it had mitigated a huge 2.3 TBPS DDoS in February. The assault had peaked at 293 MPPS, the company said.