'Largest ever' DDoS attack targets European bank

The rare form of attack was designed to overwhelm the victim’s networking gear

Akamai claims to have prevented the largest-ever distributed denial of service (DDoS) attack, measured in packets-per-second (pps), targeting a large European bank.

The attack, which the networking and security company registered at 809 million PPS, was recorded on 21 June, just days after AWS announced it had blocked the largest ever DDoS attack in terms of bits per second (bps).

The incident took place in February, hitting 2.3Tbps, smashing the previous record of 1.7Tbps, with the peak of the attack 44% larger than anything the services had seen before. The nature of the attack AWS recorded, however, is different from that registered by Akamai.

This latest DDoS attack, which Akamai claims is the most intense ever recorded, aimed to overwhelm network gear and applications in the victim’s data centre or cloud environment.  This is against the aim of conventional high bps DDoS attacks, which aim to overwhelm the inbound internet pipeline. 

While both types of attack are volumetric in nature, pps attacks are much rarer and are designed to exhaust the resources of the networking gear. 

“One way to think about the difference in DDoS attack types is to imagine a grocery store checkout,” said Akamai principal product architect Tom Emmons. 

“A high-bandwidth attack, measured in bps, is like a thousand people showing up in line, each one with a full cart ready to check out. However, a PPS-based attack is more like a million people showing up, each to buy a pack of gum. In both cases, the final result is a service or network that cannot handle the traffic thrown at it.”

The attack was optimised to overwhelm DDoS mitigation systems by deploying a high pps load, Emmons added. What made the incident unique, moreover, was the massive increase in the amount of source IP addresses the attack relied on.

Related Resource

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The number of source IPs registering traffic to the victim increased substantially during the attack, suggesting the DDoS attack was highly distributed in nature. There were more than 600-times the number of source IPs per minute against what is normally observed.

The vast majority of these IP addresses, meanwhile, were not previously recorded in attacks during 2020, suggesting a novel botnet, with 96.2% of source IPs not seen before. 

Akamai added the attack reached a peak of 418Gbps within seconds, before reaching its peak size of 809 million pps within two minutes, with the track lasting slightly under ten minutes in total. The incident was fully mitigated at the time.

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021