Akamai on Thursday revealed that it mitigated a second record-setting distributed denial-of-service (DDoS) attack since the beginning of June, one that peaked at 809 MPPS (million packets per second).
Earlier this month, the company shared details on the mitigation of a 1.44 TBPS (terabits per second) DDoS assault that reached 385 MPPS at its peak, but the more recent incident, which happened on June 21, was more than double the size in terms of PPS.
The attack, which lasted just over 10 minutes, reached 418 GBPS within seconds, and 809 MPPS in two minutes. The attack vector was UDP on port 80.
Unlike large BPS assaults, which mostly target capability, PPS-focused attacks mainly aim to exhaust network gear and/or applications within the data center or cloud environment.
Designed to overwhelm DDoS mitigation systems through a high PPS load, the attack involved the use of packets carrying 1 byte payloads (for a total packet size of 29 with IPv4 headers), Akamai says.
Another unique characteristic of the attack was the use of a large number of source IP addresses. The assault was highly distributed in nature, with the number of source IPs increasing during the attack to over 600 times the number of source IPs per minute normally observed for the targeted customer, a European bank.
Akamai, which tracks hundreds of thousands of source IPs abused for DDoS, says that the vast majority of the IPs used in the attack were not observed in previous 2020 incidents, suggesting that an emerging DDoS-capable botnet was behind the operation.
“It was highly unusual that 96.2% of source IPs were observed for the first time (or at a minimum, were not being tracked as being part of attacks in recent history). […] In this case, most of the source IPs could be identified within large internet service providers via autonomous system (AS) lookups, which is indicative of compromised end-user machines,” the company explains.
“Looking holistically at DDoS activity since the onset of 2020, it is clear that large, sophisticated DDoS attacks are still a significant attack vector,” Akamai says.
Earlier this month, Amazon revealed that it had mitigated a massive 2.3 TBPS DDoS in February. That attack, the company said, peaked at 293 MPPS.