Microsoft announces that Azure DDoS Protection defended against a DDoS attack of 3.47 Tbps in November 2021. “The largest attack reported in history”, Microsoft says.

DDoS attackers use the connectivity of hacked devices to fire a large number of data packets at a target. If a target cannot process the packets, the target is disabled. DDoS attacks are regularly used to bring down websites and web apps.

A new, annual Microsoft report indicates that terabyte-speed DDoS are increasingly common. Alethea Toh, Azure Networking Product Manager, describes how Microsoft observed two attacks of more than 2.5 terabytes per second (Tbps) at the end of 2021. The largest attack peaked at 3.47 Tbps. Microsoft estimates that 10,000 devices contributed to the attack, breaking the previous record of 2.4 Tbps.

The organization states that developers of online games and VoIP service providers were hit particularly hard in 2021. Among others, servers from Blizzard, Square Enix (Final Fantasy), Bandwith.com and VoIP Unlimited were temporarily downed.

Tip: Microsoft acquires Activision Blizzard for 61 billion euros

Short but powerful

According to Microsoft, the largest attacks were short-lived. The record attack of 3.47 Tbps stopped after fifteen minutes. Although Azure DDoS Protection managed to limit the damage, fifteen minutes would have been more than enough to eliminate a defenceless target.

Microsoft states that short, high-volume attacks are particularly effective at disabling game servers. “Workloads that are highly sensitive to latency, such as multiplayer game servers, cannot tolerate short-burst UDP attacks”, Toh explains. “Outages of just a couple seconds can impact competitive matches, and outages lasting more than 10 seconds typically will end a match.”

UDP reflection attacks

The largest attacks used UDP reflection. An attacker using UDP reflection will specify a target’s IP address as the source of a UDP request. The attacker proceeds to send a UDP request to a UDP server, after which the UDP server responds by sending response packets to the target’s IP address. This allows an attacker to increase the data volume of DDoS attacks.

All UDP technologies — including DNS and Network Time Protocol (NTP) — are abused by attackers.

Tip: DNS poisoning returns – ’38 percent of open resolvers threatened’