A bank in Europe was hit by a massive distributed denial-of-service (DDoS) attack that generated a record 809 million packets per second (PPS).
The record DDoS attack was mitigated by Akamai on 21st June. The name of the bank was not disclosed by the company. This attack is considered to be one of the largest DDoS incidents to date, even though it is of just 418Gbps.
DDoS attack change according to the method used to pull down the target. Their intensity is measured in bits per second (BPS), packets for second (PPS), or requests per second (RPS).
BPS attacks tries to exhaust the internet pipeline, PPS are directed at overwhelming network gear or apps in data center or cloud, and RPS attacks target an edge server that runs a web application.
The incident lasted for a short time and increased in intensity in few minutes. The attack grew from normal traffic levels to 418 Gbps in few seconds and the flood grew to its peak size of 809 million packets per seconds in just two minutes. In total the attack lasted less than 10 minutes.
According to experts, the attack was launched by a new botnet due to involvement of high number of IP addresses in the attack that were seen for the first time. 96.2% of them were not seen by Akamai until now.
Akamai stated that this is a new industry record in terms of PPS-focused attacks. The previous largest attack recorded by the platform was 385 million PPS, while this incident is more than double.
This attack was clearly optimized to overwhelm DDoS mitigation systems via high PPS load. The sent packets carried a payload of just 1 byte in a total packet size of 29 with IPv4 headers, making it similar like one of its several billion peers.
The largest BPS DDoS attack recorded was that of 2.3Tbps and its mitigation is claimed by Amazon’s AWS Shield service.
According to Amazon’s metrics, the largest RPS DDos attack recorded in Q1 2020 had 293.1 RPS, which is 2.7 times smaller than what Akamai mitigated this week.
Before Akamai’s report, the largest publicly known PPS DDoS attack was recorded by Imperva on April 30, 2019 and the peak was close to 580 million packets per second.