'Largest ever' DDoS attack targets European bank

The rare form of attack was designed to overwhelm the victim’s networking gear

Akamai claims to have prevented the largest-ever distributed denial of service (DDoS) attack, measured in packets-per-second (pps), targeting a large European bank.

The attack, which the networking and security company registered at 809 million PPS, was recorded on 21 June, just days after AWS announced it had blocked the largest ever DDoS attack in terms of bits per second (bps).

The incident took place in February, hitting 2.3Tbps, smashing the previous record of 1.7Tbps, with the peak of the attack 44% larger than anything the services had seen before. The nature of the attack AWS recorded, however, is different from that registered by Akamai.

This latest DDoS attack, which Akamai claims is the most intense ever recorded, aimed to overwhelm network gear and applications in the victim’s data centre or cloud environment.  This is against the aim of conventional high bps DDoS attacks, which aim to overwhelm the inbound internet pipeline. 

While both types of attack are volumetric in nature, pps attacks are much rarer and are designed to exhaust the resources of the networking gear. 

“One way to think about the difference in DDoS attack types is to imagine a grocery store checkout,” said Akamai principal product architect Tom Emmons. 

“A high-bandwidth attack, measured in bps, is like a thousand people showing up in line, each one with a full cart ready to check out. However, a PPS-based attack is more like a million people showing up, each to buy a pack of gum. In both cases, the final result is a service or network that cannot handle the traffic thrown at it.”

The attack was optimised to overwhelm DDoS mitigation systems by deploying a high pps load, Emmons added. What made the incident unique, moreover, was the massive increase in the amount of source IP addresses the attack relied on.

Related Resource

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The number of source IPs registering traffic to the victim increased substantially during the attack, suggesting the DDoS attack was highly distributed in nature. There were more than 600-times the number of source IPs per minute against what is normally observed.

The vast majority of these IP addresses, meanwhile, were not previously recorded in attacks during 2020, suggesting a novel botnet, with 96.2% of source IPs not seen before. 

Akamai added the attack reached a peak of 418Gbps within seconds, before reaching its peak size of 809 million pps within two minutes, with the track lasting slightly under ten minutes in total. The incident was fully mitigated at the time.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021