On October 11, 2021, Microsoft announced that in late August, it casually fended off a massive 2.4Tbps DDoS on its Azure service, with barely any downtime for its millions of users worldwide.

There are two remarkable things to take from this: the sheer size of the attack, and the fact that Azure customers weren't forced offline en masse.

So, how did Microsoft brush off one of the largest DDoS attacks ever recorded and keep Azure up and running?

Microsoft Target of World's Second Largest DDoS Attack

Before considering how Microsoft soaked up the pressure, consider the size of the attack.

Only one other DDoS attack has surpassed the attack sustained by Azure: the 2.54Tbps DDoS attack on Google back in 2017, which was reported in 2020.

Sitting just below the Microsoft Azure DDoS is the 2020 attack on Amazon Web Services (AWS), registering 2.3Tbps.

Microsoft says the enormous attack targeted one of its European clients, with the traffic originating from "approximately 70,000 sources from multiple countries in the Asia-Pacific region," including Malaysia, Vietnam, Taiwan, Japan, and China. However, there was also traffic detected from within the United States.

The official Microsoft blog revealing the massive DDoS explains the attack used UDP reflection to magnify its effects. UDP reflection attacks amplify the DDoS effect by generating more response data than is sent, which is then reflected to the target millions of times.

The resulting volume is what knocks the target offline—usually.

As far as DDoS attacks go, the Azure attack was fairly short-lived. Microsoft recorded three waves over the course of around ten minutes, with the first peak recording the largest volume of 2.4Tbps, the second at 0.55Tbps, and the third at 1.7Tbps.

Microsoft Azure Attack Illustrates DDoS Protection

Microsoft Azure appears to have taken a ShamWow to the enormous DDoS attack, soaking up the high-power burst with apparent ease.

But how did Microsoft's infrastructure contain the DDoS when so many other services would have crumbled?

The Microsoft blog explains that "Azure's DDoS protection, built on distributed DDoS detection and mitigation pipelines, can absorb tens of terabits of DDoS attacks." While that sounds like a challenge to an attacker, it's actually Microsoft illustrating how much thought has gone into developing robust DDoS protection as the cost of launching an attack is lower than ever, but the potential data massive.

"Azure’s DDoS mitigation employs fast detection and mitigation of large attacks by continuously monitoring our infrastructure at many points across the network. When deviations from baselines are extremely large, our DDoS control plane logic cuts through normal detection steps, needed for lower-volume floods, to immediately kick-in mitigation. This ensures the fastest time-to-mitigation and prevents collateral damage from such large attacks."

In short, a distributed model mitigates the effects by moving traffic around, isolating specific areas, and protecting the rest of the network.
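The two-speed behaviour in Microsoft's description (confirm smaller floods over several samples, mitigate at once when the deviation from baseline is extreme) can be sketched as below. This is an added example, not Microsoft's code: the thresholds, the 50 Gbps baseline, and the names `Detector` and `run` are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed tuning values; Microsoft does not publish its thresholds.
ALPHA = 0.1            # EWMA smoothing factor for the baseline
SUSPECT_RATIO = 3.0    # deviation that starts the normal detection path
EXTREME_RATIO = 20.0   # deviation that bypasses confirmation entirely
CONFIRM_SAMPLES = 3    # consecutive suspect samples needed on the normal path


@dataclass
class Detector:
    baseline: float        # learned normal rate in Gbps
    streak: int = 0        # consecutive suspect samples seen so far
    mitigating: bool = False

    def observe(self, gbps: float) -> str:
        """Classify one traffic sample and return the action taken."""
        ratio = gbps / self.baseline
        if ratio >= EXTREME_RATIO:
            # Fast path: no confirmation, mitigate on the first sample.
            self.streak, self.mitigating = 0, True
            return "mitigate-fast"
        if ratio >= SUSPECT_RATIO:
            # Normal path: require several consecutive suspect samples.
            self.streak += 1
            if self.streak >= CONFIRM_SAMPLES:
                self.mitigating = True
                return "mitigate-confirmed"
            return "suspect"
        # Normal traffic: reset state and let the baseline adapt. The baseline
        # is frozen during anomalies so a flood cannot become the new "normal".
        self.streak, self.mitigating = 0, False
        self.baseline = (1 - ALPHA) * self.baseline + ALPHA * gbps
        return "ok"


def run(samples, baseline=50.0):
    det = Detector(baseline=baseline)
    return [det.observe(s) for s in samples]


# Constructed samples in Gbps. The peaks reuse the reported wave sizes
# (2.4, 0.55 and 1.7 Tbps); all other values are made up.
SAMPLES = [48, 52, 2400, 51, 550, 560, 540, 49, 1700, 50]

if __name__ == "__main__":
    for gbps, action in zip(SAMPLES, run(SAMPLES)):
        print(f"{gbps:>6} Gbps -> {action}")
```

With these assumed thresholds, the 2.4Tbps and 1.7Tbps peaks trigger mitigation on the first sample, while the 0.55Tbps wave is mitigated only after three consecutive suspect samples.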

Are DDoS Attacks Increasing?

Distributed Denial of Service attacks are one of those issues that can increase in two directions: frequency and scale.

Answering any question regarding an increase in DDoS attacks must consider both.

In early August 2021, Microsoft Program Manager for Azure Networking Alethea Toh wrote on the Azure blog that the company recorded a massive increase in DDoS attacks in the first half of the year compared to the last six months of 2020.

The number of recorded daily DDoS attacks rose some 25%, with Microsoft mitigating more than 250,000 individual attacks against Azure. Furthermore, during the same period, the average DDoS attack size targeting Azure increased from 250Gbps to 325Gbps.

Microsoft's observations correlate with wider DDoS trends. Imperva Research Labs' 2021 Cyberthreat Defense Report found that overall DDoS attack volume increased 200% in comparison to 2020, with the number of packets per attack increasing by 300%.

Overall, DDoS attacks are rising, but the biggest web services such as Azure, AWS, and so on are much better at mitigating the damage.