On October 24, the Azure cloud platform withstood the most powerful DDoS attack ever recorded on cloud services: its peak reached 15.72 Tbit/s and almost 3.64 billion packets per second, but the targeted service in Australia remained available to users.
On October 24, the Azure cloud platform withstood the most powerful DDoS attack ever recorded on cloud services: its peak reached 15.72 Tbit/s and almost 3.64 billion packets per second, but the targeted service in Australia remained available to users.
Security Affairs writes in detail about the incident, citing a Microsoft report. According to the company, the attack was carried out by the Aisuru Turbo Mirai botnet, which consists of compromised home routers, surveillance cameras, and other IoT equipment. At its peak, the attack involved more than 500,000 IP addresses, which launched massive UDP floods with random ports on a single public endpoint.
Azure DDoS Protection automatically detected the multi-vector attack and filtered malicious traffic at the edge of Microsoft’s global network. This prevented the overload from reaching data centers and the availability of the service for legitimate users was not affected. At the same time, the absence of widespread spoofing made it easier to identify traffic sources, which made it possible to quickly disable infected nodes on the provider side.
Microsoft says Aisuru is part of a broader trend: rising home fiber speeds and IoT device power are raising the «baseline» for potential DDoS attacks. The botnet has already been used to launch attacks with peak traffic of over 20 Tbps against online gaming and telecommunications providers, and was also seen in a record-breaking 22.2 Tbps attack that Cloudflare previously blocked.
Like other members of the Turbo Mirai family, Aisuru operates as a DDoS service on demand. In addition to UDP, TCP, and GRE floods, its infrastructure is used for other types of malicious activity: mass password attempts, spam, phishing, and automated web scraping. A significant portion of the traffic comes from subscriber devices without address substitution, which makes attacks particularly painful for broadband networks.
Microsoft warns that the risks of DDoS traffic will only increase as the holiday season approaches. The company urges businesses to review the protection settings of all public applications and workloads, including enabling DDoS protection in the cloud, reviewing incident response plans, and infrastructure readiness for multi-vector attacks of this magnitude.
Previously, dev.ua wrote about how infrastructure network Cloudflare announced the automatic blocking of a hyper-volume DDoS attack, which at its peak reached 11.5 Tbit/s and 5.1 billion packets per second. In recent weeks, the company’s protection, according to it, has autonomously suppressed hundreds of such attempts, preventing customer disruptions.
