'Largest ever' DDoS attack targets European bank

The rare form of attack was designed to overwhelm the victim’s networking gear

Akamai claims to have prevented the largest-ever distributed denial of service (DDoS) attack, measured in packets-per-second (pps), targeting a large European bank.

The attack, which the networking and security company registered at 809 million PPS, was recorded on 21 June, just days after AWS announced it had blocked the largest ever DDoS attack in terms of bits per second (bps).

The incident took place in February, hitting 2.3Tbps, smashing the previous record of 1.7Tbps, with the peak of the attack 44% larger than anything the services had seen before. The nature of the attack AWS recorded, however, is different from that registered by Akamai.

This latest DDoS attack, which Akamai claims is the most intense ever recorded, aimed to overwhelm network gear and applications in the victim’s data centre or cloud environment.  This is against the aim of conventional high bps DDoS attacks, which aim to overwhelm the inbound internet pipeline. 

While both types of attack are volumetric in nature, pps attacks are much rarer and are designed to exhaust the resources of the networking gear. 

“One way to think about the difference in DDoS attack types is to imagine a grocery store checkout,” said Akamai principal product architect Tom Emmons. 

“A high-bandwidth attack, measured in bps, is like a thousand people showing up in line, each one with a full cart ready to check out. However, a PPS-based attack is more like a million people showing up, each to buy a pack of gum. In both cases, the final result is a service or network that cannot handle the traffic thrown at it.”

The attack was optimised to overwhelm DDoS mitigation systems by deploying a high pps load, Emmons added. What made the incident unique, moreover, was the massive increase in the amount of source IP addresses the attack relied on.

Related Resource

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The number of source IPs registering traffic to the victim increased substantially during the attack, suggesting the DDoS attack was highly distributed in nature. There were more than 600-times the number of source IPs per minute against what is normally observed.

The vast majority of these IP addresses, meanwhile, were not previously recorded in attacks during 2020, suggesting a novel botnet, with 96.2% of source IPs not seen before. 

Akamai added the attack reached a peak of 418Gbps within seconds, before reaching its peak size of 809 million pps within two minutes, with the track lasting slightly under ten minutes in total. The incident was fully mitigated at the time.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Apple patches zero-day flaw abused by infamous NSO exploit

Apple patches zero-day flaw abused by infamous NSO exploit

14 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021