Record-Setting DDoS Attack Highlights Malicious Actors’ Strategic Thinking


In mid-October, Microsoft revealed that it had succeeded in mitigating a 2.4 terabytes-per-second (Tbps) distributed denial-of-service (DDoS) attack against its own infrastructure.

The tech giant explained that the attack targeted an Azure customer in Europe back in August and that it lasted for over 10 minutes. During that period, traffic peaked for a short time at 2.4 Tbps. Microsoft documented two smaller traffic spikes at 0.55 Tbps and 1.7 Tbps after that, as reported by MSN.

What Is a DDoS Attack?

A DDoS attack is a type of operation where malicious actors use remote locations to target an organization’s online presence. It works by flooding a target’s websites and other public-facing infrastructure with HTTP requests and traffic. This can prevent legitimate users from accessing those resources, thereby disrupting the target’s business operations.

What makes DDoS attacks effective is the fact that they abuse the functionality of networking equipment and services like routers for malicious ends. The Computing Technology Industry Association (CompTIA) explains how.

“Sophisticated DDoS attacks don’t necessarily have to take advantage of default settings or open relays,” the trade association explained. “They exploit normal behavior and take advantage of how the protocols that run on today’s devices were designed to run in the first place. In the same way that a social engineer manipulates the default workings of human communication, a DDoS attacker manipulates the normal workings of the network services we all rely upon and trust.”

These types of events aren’t rare—especially not this year. According to VentureBeat, security researchers documented 972,000 DDoS attacks in January 2021. That’s higher than any other month on record. By June, the volume of campaigns had dropped to 759,000. But that didn’t prevent an increase of 11% for DDoS attacks during the first half of the year compared to H1 2020, totaling 5.4 million. VentureBeat went on to note that DDoS attacks could reach a record-setting 11 million by December if the trend in H1 2021 continues for the rest of the year.

Putting DDoS Attacks into Context

DDoS attacks can be standalone incidents. But they don’t have to be. Take email bombs for example. This type of operation targets an inbox with a flood of emails. Those messages aren’t malicious; they don’t contain embedded links or attachments that contain malware or that redirect victims to a phishing page. But they do serve an important function for attackers.

David Pickett, senior cybersecurity analyst at AppRiver, explains how.

“The bomb is typically designed to distract the user from emails generated due to fraudulent purchases or financial account updates or transactions,” Pickett pointed out. “During these types of attacks, we've observed fraudulent airline ticket purchases, Apple store orders, and quite a few Best Buy pickup orders. If applicable to the fraudulent purchase, such as a Best Buy pickup order, attackers have mules ready to quickly pick up the fraudulently purchased merchandise soon after the attack begins.”

Digital fraudsters aren’t the only ones who have been known to use DDoS attacks as part of their operations. According to Bleeping Computer, the HelloKitty ransomware gang began leveraging DDoS attacks as another extortion-based tactic in the beginning of November. This involves targeting an organization’s public-facing website with a DDoS attack if the victim doesn’t respond quickly enough or doesn’t pay the demanded ransom.

How to Defend Against DDoS Attacks

In its documentation, Microsoft explains that it uses its global presence and engagement with Internet providers, private corporations, and other security firms to defend against network-based DDoS attacks. Those partners include Zix, which complements Microsoft’s focus on productivity and performance with email threat protection.