Microsoft's Azure has mitigated the largest botnet attack in history, with over 500,000 devices used to send up to 15.72 terabits per second to a single cloud endpoint in Australia, which is roughly equivalent to 3.5 million Netflix movies being streamed simultaneously.
In a blog post, Microsoft claims the Azure DDoS protection was able to detect the attack and filter the traffic so customers remained unaffected, but urged organizations to validate the security on any internet-facing devices to help prevent future attacks.
Distributed Denial of Service (DDoS) attacks use botnets of infected systems and devices to send unprecedented quantities of traffic to particular sites and servers in order to overwhelm them. It's a brute-force method to bring down services that can be particularly effective if safeguards aren't in place.
Over the past few years the scale of DDoS attacks has grown exponentially, too. Just this year we've seen record-breaking attacks that delivered 7.3 Tbps of traffic in June, followed by a larger 11.5 Tbps attack in September. Those have now been dwarfed by the scale of this latest attack, which reached 15.72 Tbps at its peak.
Not only is the scale of DDoS attacks increasing, but the way they are conducted is changing too. NetworkWorld quotes security analyst Sunil Varkey, who highlights that DDoS attacks are becoming far more akin to hit-and-run incidents: they are conducted with incredible intensity over short periods of time. This can make it hard for defences to react in time, though in this case it appears Microsoft's Azure was able to keep the lights on while mitigating the effects.
Part of the problem stems from the growing capabilities of home networks and devices. As fiber offers far greater upload speeds and growing numbers of IoT devices increase attack vector options for hackers, the ability for them to infect and utilize more devices has exploded.
Security cameras, appliances, Wi-Fi range extenders, video doorbells, smart thermostats, and a range of other smart home devices can all be used to send traffic to endpoints as part of botnet attacks. It's often hard to spot if they've been infected, too. As long as they continue to function normally, device owners may not be aware that their device(s) have been compromised and potentially used in future attacks.
“This isn’t just a technical issue,” Varkey said. “It is a global cyber hygiene failure that is now manifesting as a strategic infrastructure risk. It is a large army of compromised and easily compromisable devices waiting for the command to initiate. Security accountability and assurance need to be revisited on priority, whether it is the OEM, the service provider, or the home user.”
He called on enterprises to employ layered defences of their networks and endpoints, using traffic-rate limiters, DDoS scrubbers, and robust network stress testing through DDoS simulation to dry-run attacks.