The company said the attack was140% larger than than the highest attack bandwidth volume Microsoft recorded in 2020 and higher than any network volumetric event previously detected on Azure. It also surpasses the previous largest DDoS attack, which peaked at 2.3Tbps and was directed at Amazon Web Services (AWS) last year.
It said the attack traffic originated from around 70,000 sources and from multiple countries in the Asia-Pacific region, including Malaysia, Vietnam, Japan, and China, as well as the US. The attack spanned over 10 minutes with very short-lived bursts, each ramping up in seconds to terabit volumes.
The company monitored three main peaks, the first at 2.4Tbps, the second at 0.55Tbps, and the third at 1.7Tbps.
Microsoft’s attack mitigation lifecycle is orchestrated by its control plan logic that dynamically allocates mitigation resources to the most optimal locations, closest to the attack sources. This meant that the attack traffic, which originated in the Asia-Pacific region and the US, did not reach the customer region but was instead mitigated at the source countries.
“Azure’s DDoS mitigation employs fast detection and mitigation of large attacks by continuously monitoring our infrastructure at many points across the network,” said Amir Dahan, senior programme manager at Azure Networking.
“When deviations from baselines are extremely large, our DDoS control plane logic cuts through normal detection steps, needed for lower-volume floods, to immediately kick-in mitigation. This ensures the fastest time-to-mitigation and prevents collateral damage from such large attacks.”
Dahan added that the customer did not suffer any impact or downtime, but if they had been running their own data centre instead of using Azure, they would most probably have incurred extensive financial damage as well as other intangible costs.
In 2020, Google revealed its infrastructure absorbed a 2.5Tbps DDoS attack three years previous. The attack was the culmination of a six-month campaign launched by Chinese-backed hackers that used multiple methods of attack, which ultimately had no material impact.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.