Security News > 2022 > January > Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users

Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second distributed denial of service attack targeting an Azure customer from Asia in November.
Two more large size attacks followed this in December, also targeting Asian Azure customers, a 3.25 Tbps UDP attack on ports 80 and 443 and a 2.55 Tbps UDP flood on port 443.
"In November, Microsoft mitigated a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second, targeting an Azure customer in Asia. We believe this to be the largest attack ever reported in history," said Alethea Toh, an Azure Networking Product Manager.
Previous record-breaking publicly reported DDoS attacks were a 21.8 million requests per second application layer assault that hit the Russian internet giant Yandex in August and a 2.3 Tbps volumetric strike detected by Amazon Web Services Shield during Q1 2020.
The November 3.47 Tbps attack was the largest one the company had to face to date, after previously reporting that it mitigated another record 2.4 Tbps attack targeting a European Azure customer during late August.
Microsoft saw a rise in attacks that lasted longer than an hour in the second half of 2021, while multi-vector attacks such as the record one mitigated in November were prevalent.
News URL
Related news
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- DDoS attacks reportedly behind DayZ and Arma network outages (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Microsoft names alleged credential-snatching 'Azure Abuse Enterprise' operators (source)