Virtual Event Today: Cyber AI & Automation Summit - Register/Login Now
Connect with us

Hi, what are you looking for?



Akamai Mitigates Record 809 MPPS DDoS Attack

Akamai on Thursday revealed that it mitigated a second record-setting distributed denial-of-service (DDoS) attack since the beginning of June, one that peaked at 809 MPPS (million packets per second).

Akamai on Thursday revealed that it mitigated a second record-setting distributed denial-of-service (DDoS) attack since the beginning of June, one that peaked at 809 MPPS (million packets per second).

Earlier this month, the company shared details on the mitigation of a 1.44 TBPS (terabits per second) DDoS assault that reached 385 MPPS at its peak, but the more recent incident, which happened on June 21, was more than double the size in terms of PPS.

The attack, which lasted just over 10 minutes, reached 418 GBPS within seconds, and 809 MPPS in two minutes. The attack vector was UDP on port 80.

Unlike large BPS assaults, which mostly target capability, PPS-focused attacks mainly aim to exhaust network gear and/or applications within the data center or cloud environment.

Designed to overwhelm DDoS mitigation systems through a high PPS load, the attack involved the use of packets carrying 1 byte payloads (for a total packet size of 29 with IPv4 headers), Akamai says.

Another unique characteristic of the attack was the use of a large number of source IP addresses. The assault was highly distributed in nature, with the number of source IPs increasing during the attack to over 600 times the number of source IPs per minute normally observed for the targeted customer, a European bank.

Akamai, which tracks hundreds of thousands of source IPs abused for DDoS, says that the vast majority of the IPs used in the attack were not observed in previous 2020 incidents, suggesting that an emerging DDoS-capable botnet was behind the operation.

“It was highly unusual that 96.2% of source IPs were observed for the first time (or at a minimum, were not being tracked as being part of attacks in recent history). […] In this case, most of the source IPs could be identified within large internet service providers via autonomous system (AS) lookups, which is indicative of compromised end-user machines,” the company explains.

Advertisement. Scroll to continue reading.

“Looking holistically at DDoS activity since the onset of 2020, it is clear that large, sophisticated DDoS attacks are still a significant attack vector,” Akamai says.

Earlier this month, Amazon revealed that it had mitigated a massive 2.3 TBPS DDoS in February. That attack, the company said, peaked at 293 MPPS.

Related: Akamai, Amazon Mitigate Massive DDoS Attacks

Related: T-Mobile Outage Mistaken for Massive DDoS Attack on U.S.

Related: NXNSAttack: New DNS Vulnerability Allows Big DDoS Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...