Akamai Blocks Largest DDoS Attack in Europe

Aug 7, 2022

Distributed denial-of-service (DDoS) attacks are getting larger in terms of bandwidth almost every month. But the month of July was unusual. Akamai Technologies, a provider of CDN, Internet security and cloud services, claims to have blocked the largest ever DDoS attack recorded in Europe. The DDoS attacks, which targeted an Eastern Europe customer 75 times last month over a 30-day period, were conducted by a sophisticated and well-coordinated global botnet of high-bandwidth IoT devices. The attackers had complete control of the attack and could evenly distribute the traffic across the botnet to create high traffic volume.

A DDoS attack uses a botnet comprising thousands of compromised devices to send malicious network traffic to a targeted server or online resource. The intent is to overwhelm the target with traffic so that it is unable to accept legitimate requests from users and becomes inaccessible to the public.

Akamai said the attacks peaked on July 21, reaching two peaks over a 14-hour period: 659.6 Mpps at 4:44 AM UTC and 853.7 Gbps at 6:40 PM UTC. Akamai declined to name the customer or the industry.

Dean Houari, director of security technology and strategy – APJ, Akamai Technologies, said the reach of these attackers is global and that these attacks were conducted through a distributed botnet of “high bandwidth” IoT devices. He said it was a sustained attack over a 30-day period.

“The attackers were able to evenly distribute the traffic attack volume across their botnet. This contributed to creating record-high traffic volume. We have attackers leveraging botnets but these attacks had complete control on how traffic is generated and distributed across the world,” said Houari.

In its blog post, Akamai said the victim was targeted with horizontal attacks consisting of UDP, UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood, among others. It said UDP was “the most popular vector” observed in both record spikes.

Houari said the attack was well distributed across all of Akamai’s DDoS “scrubbing centers” around the world, such that none of these centers received more than 100 Gbps of traffic. This indicates that the attacker had full control of the IoT devices on the botnet across the world, enabling such a record-high volumetric attack.

A scrubbing center is a centralized data cleansing station where traffic is analyzed and malicious traffic directed from DDoS and other types of attacks is removed. Scrubbing centers are typically used by ISPs and Cloud providers.

Previous DDoS Attacks

DDoS attacks became frequent this year. In June, Cloudflare, a content delivery network and DDoS mitigation company, reported that a botnet named Mantis was targeting its customers with “record-breaking attacks” of 26 million requests per second. And in April, Cloudflare reported that it mitigated a previous record-breaking attack of 15.3 million requests per second, then one of the largest HTTPS DDoS attacks on record.

Last September, the Mēris botnet was responsible for hitting Russian internet giant Yandex with 21.8 million RPS (requests per second).

Omer Yoachimik, Product Manager, Cloudflare, said the quantity of DDoS attacks tends to be seasonal, aligns with geopolitical events around the world and also correlates with the rise of new botnets.

“While it’s hard to say for sure, because of the distributed nature of DDoS attacks, it may well be tied to events such as the war in Ukraine and additional global events such as elections and even new online game releases,” said Yoachimik.

In April, Kaspersky released a report saying that DDoS attacks hit an all-time high in the first quarter of 2022, jumping 46% quarter-over-quarter, with the number of targeted attacks increasing 81%. This is a 4.5-fold rise compared to the same period last year. Kaspersky said the expanding DDoS landscape during the first quarter was influenced by Russia’s invasion of Ukraine.

“In the Ukraine-Russia cyberspace, we can see that the war on the ground is accompanied by attacks targeting the spread of information. DDoS attacks target media outlets and publishing companies on both sides of the war to try and stop the spread of information,” said Yoachimik.

Kaspersky researchers say in their report that it is “highly unlikely that we will see a decline in DDoS activity before the end of hostilities in Ukraine.”

Brian Pereira