Akamai Mitigates Sophisticated 1.44 Tbps and 385 Mpps DDoS Attack

ID AKAMAIBLOG:3568A62F3E5DCD40BF31B9814700435B
Type akamaiblog
Reporter Lorenz Jakober
Modified 2020-06-22T20:16:06


It always surprises me how easily a community can adapt to a new situation or reality. What was once considered an outlier or even an unimaginable situation can quickly become our new normal.

For those of us focused on protecting enterprises from threats, that also couldn't be more accurate. Specifically for the Akamai team working on our Prolexic platform in our Security Operations Command Center (SOCC), mitigating many distributed denial-of-service (DDoS) attacks a day has resulted in increasingly sophisticated automated tooling and expert-level know-how through mitigating these constant attacks.

Attackers haven't been resting on their laurels, either. Progress has been made on both sides.

As those who engage in volumetric attack mitigation know, DDoS attacks are often utilized as part of a multi-layered attack strategy that can serve multiple purposes, from acting as a diversion for data exfiltration attempts all the way to DDoS itself being the ultimate goal. At the end of May 2020, we hit a high-water mark on the Akamai platform with a 312 million packets per second (Mpps) type of attack. That attack against one of our financial services customers was mitigated in 0 seconds utilizing proactive mitigation on the Akamai Prolexic platform. For that attack, the malicious actor launched a bevy of minimally sized UDP packets in an attempt to overwhelm networking gear in the customer's data center.

But as I mentioned, attacks just keep growing and getting more sophisticated. In the first week of June 2020, Akamai mitigated yet another sizable attack that is so far the largest seen on the Akamai Prolexic platform. This time, it was against one of our internet hosting provider customers, with globally distributed attack traffic resulting in a 1.44 terabit per second (Tbps) and 385 Mpps attack lasting nearly two hours.


Other than its size, what made this attack interesting was that it used nine different attack vectors (ACK Flood, CLDAP Reflection, NTP Flood, RESET Flood, SSDP Flood, SYN Flood, TCP Anomaly, UDP Flood, UDP Fragment) and multiple botnet attack tools. Multi-vector attacks are so common that, in 2020 thus far, about 33% of attacks mitigated by our Prolexic platform have had three or more attack vectors, with 14 different vectors being the highest we have seen to date.

In order to mitigate an attack of this magnitude and complexity, we used what we believe is the only viable approach to mitigating large, sophisticated DDoS attacks: a combination of automatic and human mitigation.

While it's clear that as an industry we continue to see high-water marks in terms of frequency, scale, and sophistication of DDoS attacks, it is also clear that the best way to mitigate these attacks remains a combination of technology, people, and processes.

Put another way, DDoS attacks keep getting larger and more sophisticated. Not having a proven DDoS mitigation strategy for what will eventually happen is a recipe for disaster. From Akamai's perspective and specifically for our SOCC team, yet another large sophisticated DDoS attack is just another day at work -- fighting the good fight.

If you want to learn more about how to leverage Akamai's resources to help you, and what makes Akamai's approach to DDoS -- a combination of threat researchers, incident managers, security architects and cutting-edge tech -- unique, visit this page for more details.