Akamai Specialists toldthat last Sunday, June 21, 2020, a large European bank (name not disclosed) became the target for one of the most powerful DDoS attacks in history. Although the power of this attack was only 418 Gb / s, the experts recorded up to 809 million packets per second.
Here it is worth recalling that DDoS attacks are also different: their intensity is measured in bits per second (BPS), packets per second (PPS) or requests per second (RPS). Thus, attacks on the maximum BPS are usually aimed at exhausting the Internet channel, PPS are more often used to attack network devices and applications in the clouds and data centers, and the usual targets of RPS attacks are edge servers where web applications are executed.
Researchers write that the incident did not last long (about 10 minutes), but the attack “accelerated” to dangerous power very quickly. It took only a few seconds for the normal traffic level to rise to 418 Gbit / s, and about two minutes for the attack to peak at 809 million packets per second.
According to experts, a new botnet is behind this incident, thus making its first appearance. This conclusion is based on the large number of IP addresses involved in the attack, many of which were noticed for the first time: 96.2% of them were unknown to the company's analysts. During the attack, the number of IP addresses normally seen for this client jumped 600 times.
Akamai says this is a new record in the field of DDoS attacks like PPS. Previous powerful attack in this area occurred earlier this month and showed only 385 million packets per second, that is, now the previous figure was more than doubled.
Experts note that the new attack was clearly optimized to counter the protection systems against DDoS attacks and focused specifically on the maximum PPS. So, packets sent by cybercriminals had a payload of only 1 byte with a total packet size of 29 bytes with IPv4 headers, which hid them among several billion peers.
Let me remind you that this is the second DDoS record, broken this month. Earlier in June 2020, the Amazon AWS Shield service softened the BPS attack, reaching a power of 2.3 Tb / s. It would seem that against this background, the fresh Akamai incident, with a capacity of only 418 Gbit / s, does not look so impressive anymore. But, as mentioned above, the whole point is in different types of attacks. So, according to Amazon statistics, the largest PPS attack recorded by the company this year was only 293.1 million packets per second, which is 2.7 times less than the attack reflected by Akamai.