Microsoft Azure cloud computing customer in Asia was a victim of a massive 3.47 Tbps DDoS attack (distributed denial of service attack) in November 2021, the software and technology giant Microsoft revealed on January 25, 2022.
The DDoS attack lasted approximately 15 minutes and included a botnet of more than 10,000 compromised IoT (Internet of Things) devices from countries across the globe. These included Iran, India, China, Russia, Taiwan, Vietnam, Thailand, Indonesia, South Korea, and the United States.
Although it is unclear who was behind the attack, Microsoft’s report titled “Azure DDoS Protection—2021 Q3 and Q4 DDoS attack trends” dug deeper into the attack. According to the company, the attack was mitigated however the attacker employed different methods to boost the DDoS attack.
Microsoft’s report further disclosed that there has been a surge in DDoS attacks with the United States and India being prime targets. The company noted that Hong Kong has also become a popular hotspot for attackers however there has been a decrease in DDoS activity in Europe.
What happens in a DDoS attack?
A DDoS attack involves sending a huge amount of illegal traffic from compromised machines to the intended target and therefore disrupting them completely. The system can crash and lead to a massive loss of data, particularly, in the case of companies that host a significant amount of information regarding their clients and customers.
Previous largest DDoS attacks
It is worth noting that prior to Microsoft’s disclosure on Tuesday, some of the largest and publicly reported DDoS attacks ever included a 2.3 TBPS DDoS attack in February 2020 on an Amazon Web Services (AWS) Shield DDoS protection service customer. The attack was successfully mitigated by the company.
In August 2020, Microsoft fended off a 2.4 Tbps DDoS attack against one of its Azure customers. The attack originated from a botnet comprising 70,000 compromised IoT devices.
On October 16th, 2020, Google revealed that it mitigated a 2.54 Gbps DDoS attack. The attack, according to Google, originally took place in September 2017 by a state-sponsored threat actor in China.