Need cloud computing? Get started now

Record-Breaking DDoS Attack in Europe

Akamai Wave Blue

Written by

Craig Sparling and Max Gebhardt

September 15, 2022

Craig Sparling

Written by

Craig Sparling

Craig Sparling is a Product Manager in the Cloud Security business unit. Craig joined Akamai with the acquisition of Prolexic and specializes in attack detection, network monitoring, data visualization, and user interfaces. His passion is working for customers to understand their needs and creating powerful and intuitive solutions that solve their real-world problems.

Max Gebhardt headshot

Written by

Max Gebhardt

Max is a product marketing manager at Akamai, where he leads go-to-market strategies and messaging for the infrastructure security division. He blogs about threat research, market trends, customer challenges, and various cybersecurity solutions.

On Monday, September 12, 2022, Akamai successfully detected and mitigated a new, record-breaking DDoS assault in Europe.

They’re back! 

Or, more accurately, the cybercriminals responsible for July’s record-setting European DDoS attack may have never left. In the weeks following our coverage of the previous incident, the victim (a customer based in Eastern Europe) has been bombarded relentlessly with sophisticated distributed denial-of-service (DDoS) attacks, ultimately paving the way for a new European packets per second (pps) DDoS record.

On Monday, September 12, 2022, Akamai successfully detected and mitigated the now-largest DDoS attack ever launched against a European customer on the Prolexic platform, with attack traffic abruptly spiking to 704.8 Mpps in an aggressive attempt to cripple the organization’s business operations.

Attack breakdown

Adversaries are constantly evolving their techniques, tactics, and procedures to evade detection and maximize disruption, as demonstrated by this ongoing attack campaign. Let’s break down and compare the two record-setting events. 

 

 

July Attack

September Attack

Peak pps

659.6 Mpps

704.8 Mpps

Cumulative Attacks

75

201

IPs Targeted

512

1813

Vector

UDP

UDP

Distribution

1 location

6 locations

Date of Attack

July 21, 2022

September 12, 2022

Top Scrubbing Locations

HKG, LON, TYO

HKG, TYO, LON

Prior to June 2022, this customer only saw attack traffic against its primary data center; however, they recognized the importance of a comprehensive defensive strategy early on, and onboarded their 12 remaining global data centers to the Prolexic platform for peace of mind. This proved highly fortuitous, as the attack campaign expanded unexpectedly, hitting six different global locations, from Europe to North America. These events reflect a growing trend in which adversaries are increasingly hitting deep-reconnaissance targets

Attack mitigation

To thwart an attack of this magnitude and complexity, Akamai leveraged a balanced combination of automated and human mitigation: 99.8% of the assault was pre-mitigated thanks to the customer’s proactive defensive posture, a preemptive security measure implemented by the Akamai Security Operations Command Center (SOCC). Remaining attack traffic and follow-up attacks leveraging different vectors were swiftly mitigated by our frontline security responders. In the wake of increasingly sophisticated DDoS attacks worldwide, many businesses struggle with the staffing of internal security resources, and instead look to Akamai’s SOCC to augment and act as an extension of their incident response team.

The attackers’ command and control system had no delay in activating the multidestination attack, which escalated in 60 seconds from 100 to 1,813 IPs active per minute. Those IPs were spread across eight distinct subnets in six distinct locations. An attack this heavily distributed could drown an underprepared security team in alerts, making it difficult to assess the severity and scope of the intrusion, let alone fight the attack. Sean Lyons, Senior Vice President and General Manager of Infrastructure Security says, "Akamai Prolexic’s DDoS specialization culture, focus on customer infrastructure designs and history are rooted in defending the most complex, multifaceted attacks, and our platform is equipped with purpose-built tooling for rapid threat mitigation, even in the 'fog of war.' "

Akamai Prolexic’s DDoS specialization culture, focus on customer infrastructure designs and history are rooted in defending the most complex, multifaceted attacks, and our platform is equipped with purpose-built tooling for rapid threat mitigation, even in the 'fog of war.

Sean Lyons, Senior Vice President and General Manager of Infrastructure Security
Distinct IP Count Per Minute.

Conclusion

Having a proven DDoS mitigation strategy and platform in place is imperative for shielding your business from downtime and disruption. Learn more about Akamai’s industry-leading DDoS solutions and how our advanced attack-fighting capabilities keeps organizations safe from increasingly sophisticated threats. 

Under attack? 

Click here for 24/7 emergency DDoS protection.

Guidance on minimizing DDoS risk

  • Immediately review and implement Cybersecurity and Infrastructure Security Agency (CISA) recommendations. 

  • Review critical subnets and IP spaces, and ensure that they have mitigation controls in place.

  • Deploy DDoS security controls in an always-on mitigation posture as a first layer of defense, to avoid an emergency integration scenario and to reduce the burden on incident responders. If you don’t have a trusted and proven cloud-based provider, get one now. 

  • Proactively pull together a crisis response team and ensure runbooks and incident response plans are up-to-date. For example, do you have a runbook to deal with catastrophic events? Are the contacts within the playbooks updated? A playbook that references outdated tech assets or people who have long left the company isn’t going to help.

For additional information on the steps you can take to protect your organization, please visit the following CISA resources:



Akamai Wave Blue

Written by

Craig Sparling and Max Gebhardt

September 15, 2022

Craig Sparling

Written by

Craig Sparling

Craig Sparling is a Product Manager in the Cloud Security business unit. Craig joined Akamai with the acquisition of Prolexic and specializes in attack detection, network monitoring, data visualization, and user interfaces. His passion is working for customers to understand their needs and creating powerful and intuitive solutions that solve their real-world problems.

Max Gebhardt headshot

Written by

Max Gebhardt

Max is a product marketing manager at Akamai, where he leads go-to-market strategies and messaging for the infrastructure security division. He blogs about threat research, market trends, customer challenges, and various cybersecurity solutions.