Akamai said that the attack on a bank earlier this week was the largest ever packet-per-second (pps) distributed denial-of-service (DDoS) attack on its platform. The attack generated 809 million packets per second (Mpps). The targeted bank has not been revealed.
In a report, Akamai claimed this was a new industry record for pps-focused attacks, and well over double the size of a previous attack it had mitigated.
What made the attack unique, according to Akamai, was the massive increase in the number of source IP addresses observed.
“The number of source IPs that registered traffic to the customer destination increased massively during the attack, indicating that it was highly distributed in nature. We saw upwards of 600x the number of source IPs per minute compared to what we normally observe for this customer destination,” the report said.
The vast majority of the attack traffic was sourced from IPs that researchers have not recorded in prior 2020 attacks. This, according to the report, indicated an emerging botnet.
“Most of the source IPs could be identified within large Internet Services Providers via AS lookups, which is indicative of compromised end user machines,” said researchers.
Researchers said that Sunday’s attack was remarkable not only for its size, but also because of the speed at which it reached its peak. The attack grew from normal traffic levels to 418 Gbps in seconds, before reaching its peak size of 809 Mpps in approximately two minutes.
Eyal Arazi, product marketing manager at Radware, told SC Media UK that the nature of DDoS attacks is shifting, and protections that used to be adequate not long ago are no longer effective.
“DDoS attackers are concentrating more and more on the application-layer, leveraging sophisticated bots to launch attacks, and use sophisticated attack vectors such as burst attacks, SSL floods, and carpet-bombing attacks,” he said.
“DDoS protection services vary wildly by technology, network, and service. This is why it’s important to choose a DDoS protection service that offers behavioural protections which go beyond simple signature and rate limits, have the capacity to deal even with the largest attacks, and back their marketing claims with quantifiable and measurable SLA metrics.”
Javvad Malik, security awareness advocate at KnowBe4, told SC Media UK that like most security controls put in place, there is the chance that a DDoS attack will be successful in disrupting systems, rendering them unavailable.
“Organisations should also prepare for this scenario and get business advice on what the next steps should be. In some cases, organisations can ride the storm and afford to be offline for a period of time. Whether that's the case or not, organisations should have a plan to notify web hosting partners and have a mechanism to notify clients and partners to let them know service is temporarily unavailable and what steps they can take in the interim while the incident is being resolved,” he said.