On July 21, 2022, Akamai detected and mitigated the largest DDoS attack ever launched against a European customer on the Prolexic platform, with globally distributed attack traffic peaking at 853.7 Gbps and 659.6 Mpps for 14 hours.
The risk of Distributed Denial of Service (DDoS) attacks has never been higher. In recent years, companies have faced a veritable flood of DDoS extortion, new threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape. And the attackers show no signs of letting up.

On Thursday, July 21, 2022, Akamai detected and mitigated the largest DDoS attack ever launched against a European customer on the Prolexic platform, with globally distributed attack traffic peaking at 853.7 Gbps and 659.6 Mpps for 14 hours. The attack, which targeted a range of customer IP addresses, constituted the largest global horizontal attack ever mitigated on the Prolexic platform.

Attack breakdown

The victim, an Akamai customer based in Eastern Europe, has been targeted 75 times in the last 30 days with horizontal attacks consisting of UDP, UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood and PUSH flood, among others. UDP was the most frequent vector observed in both recorded peaks.

After five days, the campaign reached its peak packet rate of 659 Mpps at 4:44 AM UTC (Figure 1).

Fig. 1: Peak in PPS attack traffic

The volume of attacks then increased to 853 Gbps at 18:40 UTC (Figure 2).

Fig. 2: Peak in BPS attack traffic

The distributed attack traffic suggests that the criminals exploited a highly sophisticated global botnet of compromised devices to orchestrate this campaign (Figure 3). No single scrubbing center handled more than 100 Gbps of the overall attack.

Fig. 3: Time distribution of BPS attack traffic

Mitigation strategy

Without the right defenses, even a robust and modern network could give way under an attack of this magnitude, making any online activity that depends on that connection completely inaccessible. This can jeopardize customer trust, cause financial losses, and have other serious consequences.
To counter the attack and safeguard the customer, Akamai Prolexic leveraged a combination of technology, people, and processes to prevent the attack without collateral damage, thanks to the proactive defense strategy in place for this customer.

• Platform: A dedicated defense solution that can scale well beyond the largest publicly reported attacks.
• People: More than 225 frontline operators in 6 global locations with decades of experience mitigating the most sophisticated attacks for the world's largest and most complex companies.
• Process: Optimized DDoS incident response plans through custom runbooks, service validation, and operational readiness exercises.

In the wake of increased operational risk, it is imperative for online businesses to have a well-established DDoS mitigation strategy. Akamai offers some recommendations to mitigate the risk of DDoS attacks:

• Review and immediately implement the guidance of the Cybersecurity and Infrastructure Security Agency (CISA).
• Review critical IP subnets and spaces and make sure mitigation controls are available.
• Implement DDoS security controls in "always-on" mode as the first layer of defense, to avoid an emergency situation and reduce the burden on incident responders. If you don't have a reliable, proven provider that operates in the cloud, you should find one right away.
• Proactively assemble a crisis response team and make sure your runbooks and incident response plans are up to date. For example, do you have a runbook to handle disastrous events? Are the contacts within the playbooks up to date? A playbook that references outdated tech resources or people who have long since left the company is not helpful.

Akamai