Security News > 2021 > October > Microsoft: Azure customer hit by record DDoS attack in August

Microsoft has mitigated a record 2.4 Tbps Distributed Denial-of-Service attack targeting a European Azure customer during the last week of August.
"This is 140 percent higher than 2020's 1 Tbps attack and higher than any network volumetric event previously detected on Azure," said Amir Dahan, a Senior Program Manager for Azure Networking, also describing it as a User Datagram Protocol reflection attack.
Dahan added that three attack peaks stood out, with the first reaching the maximum throughput at 2.4 Tbps and the subsequent going up to 0.55 Tbps and 1.7 Tbps. The August DDoS attack came after Microsoft reported a 25 percent increase in attacks compared to 2020 Q4, with a decline in maximum volumetric throughput, from 1Tbps in 2020 Q3 to 625 Mbps in the first half of 2021.
In early August, Alethea Toh, a Program Manager for Azure Networking, said that Microsoft recorded a sharp increase in daily DDoS attacks in the first six months of 2021, with a rise of 25% compared to Q4 2020.
The largest attack bandwidth that hit Azure's infrastructure during the first six months of 2021 was 625 Gbps, almost half of a 1 Tbps DDoS attack mitigated in Q3 2020.
Despite this, the average attack targeting Azure until the end of June has increased by 30 percent, going up from 250 Gbps to 325 Gbps. Azure customers in the United States, Europe, and East Asia regions are still the most heavily targeted mostly due to the high concentration of gaming industries and financial services in these regions.
News URL
Related news
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- DDoS attacks reportedly behind DayZ and Arma network outages (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators (source)