'Largest ever' DDoS attack targets European bank

The rare form of attack was designed to overwhelm the victim’s networking gear

Akamai claims to have prevented the largest-ever distributed denial of service (DDoS) attack, measured in packets-per-second (pps), targeting a large European bank.

The attack, which the networking and security company registered at 809 million PPS, was recorded on 21 June, just days after AWS announced it had blocked the largest ever DDoS attack in terms of bits per second (bps).

The incident took place in February, hitting 2.3Tbps, smashing the previous record of 1.7Tbps, with the peak of the attack 44% larger than anything the services had seen before. The nature of the attack AWS recorded, however, is different from that registered by Akamai.

This latest DDoS attack, which Akamai claims is the most intense ever recorded, aimed to overwhelm network gear and applications in the victim’s data centre or cloud environment.  This is against the aim of conventional high bps DDoS attacks, which aim to overwhelm the inbound internet pipeline. 

While both types of attack are volumetric in nature, pps attacks are much rarer and are designed to exhaust the resources of the networking gear. 

“One way to think about the difference in DDoS attack types is to imagine a grocery store checkout,” said Akamai principal product architect Tom Emmons. 

“A high-bandwidth attack, measured in bps, is like a thousand people showing up in line, each one with a full cart ready to check out. However, a PPS-based attack is more like a million people showing up, each to buy a pack of gum. In both cases, the final result is a service or network that cannot handle the traffic thrown at it.”

The attack was optimised to overwhelm DDoS mitigation systems by deploying a high pps load, Emmons added. What made the incident unique, moreover, was the massive increase in the amount of source IP addresses the attack relied on.

Related Resource

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The number of source IPs registering traffic to the victim increased substantially during the attack, suggesting the DDoS attack was highly distributed in nature. There were more than 600-times the number of source IPs per minute against what is normally observed.

The vast majority of these IP addresses, meanwhile, were not previously recorded in attacks during 2020, suggesting a novel botnet, with 96.2% of source IPs not seen before. 

Akamai added the attack reached a peak of 418Gbps within seconds, before reaching its peak size of 809 million pps within two minutes, with the track lasting slightly under ten minutes in total. The incident was fully mitigated at the time.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021