Microsoft said Monday it was able to neutralize a record breaking distributed denial of service attack against its Azure service in late October.
The multivector attack, measuring 15.72 Tbps and almost 3.64 billion packets per second, was the largest single attack in the cloud ever recorded, according to the company.
The company traced the attack to the Aisuru botnet, which often targets compromised home routers and cameras. Most of the threat activity linked to Aisuru involved residential internet service providers in the U.S., but also includes other countries, according to Microsoft.
Aisuru botnet was linked to a surge in DDoS activity in late October. Multiple “demonstration attacks” measuring more than 20 Tbps were reported, according to a blog from Netscout. The attacks mainly targeted internet gaming organizations.
“Aisuru and the emerging family of related TurboMirai high-impact DDoS botnets represent a significant threat to all network operators,” Roland Dobbins, principal engineer at Netscout, told Cybersecurity Dive.
This particular DDoS attack was launched from more than 500,000 source IPs across various regions of the globe. The attack targeted a single endpoint based in Australia.
Microsoft said DDoS attacks are increasingly becoming more powerful as residential speeds increase and the number of connected products rises.
“Attackers are scaling with the internet itself,” Sean Whalen, senior product marketing manager for Azure Platform Security, said in a blog post Monday. “As fiber-to-the-home speeds rise and IoT devices become more powerful, the baseline for attack size keeps climbing.”
The attack was mitigated through Azure’s DDoS Protection infrastructure, enabling the attack to be filtered and redirected. The company said customer workloads were maintained and service continued without interruption.
Cloudflare separately said a major outage Tuesday was the result of a change to its systems permissions. Company officials initially feared the outage was linked to a hyper-scale DDoS attack, but concluded there was nothing related to malicious activity.
The Cloudflare outage was the largest it has experienced since 2019, according to the company.