Why it matters: Akamai has thwarted a record-breaking DDoS attack on behalf of one of its clients. The victim was already hit by a flow of garbled traffic some months ago as cyber criminals are now choosing a more distributed approach to try and cripple the targeted infrastructure.
Akamai Technologies protected one of its Eastern European customers against a massive DDoS attack, a new record-setting flow of malicious traffic that tried to take the company's infrastructure offline. The content delivery network and cloud provider said the new attack is the worst ever recorded in Europe, with peak traffic of 704.8 Mpps and more widespread targets compared to the previous attack.
A distributed denial-of-service attack (DDoS) happens when multiple "zombie" or bot systems flood the bandwidth or resources of a targeted system, exploiting more than one unique IP address or machines – often from thousands of hosts infected with malicious software. The new attack seems to originate from the same threat actor, Akamai said, and it "bombarded relentlessly" the same Eastern European company which suffered a 659.6 Mpps attack in July.
The new flow of garbled Internet traffic was seven percent higher than the previous record-holding attack. The attackers targeted six different data centers located in Europe and North America. The number of unique IPs used as bots grew as well, from 512 to 1,813 in 201 different cumulative attacks. "The attackers' command and control system had no delay in activating the multidestination attack", Akamai stated, going from 100 to 1,813 IPs active per minute in just 60 seconds. The top locations targeted by the attack were in Hong Kong, London and Tokyo.
After the July incident, however, the customer was ready to defend itself: Akamai said that 99.8 percent of the assault was pre-mitigated thanks to the customer's proactive defenses implemented by the Akamai Security Operations Command Center (SOCC). Remaining attack traffic and follow-up attacks coming from different vectors were then "swiftly" mitigated by Akamai's frontline security responders.
Akamai further highlights the need to adapt the same proactive measures to defend data centers and cloud servers from the increasingly sophisticated threats flowing through the Internet. "An attack this heavily distributed could drown an underprepared security team in alerts", the CDN company said, "making it difficult to assess the severity and scope of the intrusion – let alone fight the attack."