Akamai today disclosed it mitigated the largest packet per second (PPS) distributed denial-of-service (DDoS) attack ever recorded on its platform. Aimed at a large European bank, the attack generated 809 million packets per second (MPPS).
That attack comes on the heels of a 1.44 terabits-per-second (TBPS) attack disclosed last week by Akamai that for nearly two hours reached levels of 385PPS.
Shortly after that disclosure, Amazon Web Services (AWS) last week disclosed it had mitigated an even larger 2.3TBPS attack last February. That attack was traced back to cybercriminals that hijacked CLDAP web servers.
Roger Barranco, vice president of global security operations for Akamai, said in contrast, the DDoS attack Akamai revealed last week was orchestrated across nine different vectors.
Barranco said the level of DDoS attacks is rising in direct proportion to the number of devices being connected to the internet. The attacks, most of which are emanating from Asia, appear to have compromised a larger number of internet of things (IoT) devices in South Korea and Vietnam, he said, noting those devices also appear to be a mix of consumer and industrial devices connected to the internet.
In the wake of these attacks, it’s apparent cybercriminals are becoming a lot more adept at compromising large numbers of IoT devices to launch attacks that could easily overwhelm websites with limited DDoS mitigation protection. While there have been some notable efforts to take down DDoS-for-hire sites, launching a DDoS attack remains relatively simple. As such, Barranco said cybersecurity teams need to revisit their strategies—as these attacks continue to increase in size, more organizations will need to rely on DDoS mitigation services to enable their end users to be able to access their web applications.
Arguably, one of the most disconcerting aspects of these attacks is they are occurring just as many organizations are accelerating digital business transformation initiatives in response to the COVID-19 pandemic. As organizations rely more on digital processes to engage customers, a sustained DDoS attack can have a significant impact on the amount of revenue an organization can generate during the span of the attack.
Historically, DDoS attacks have doubled in size every two years. The latest attacks suggest the prevalence of IoT devices is likely to result in much larger attacks becoming a new normal, said Barranco.
In an ideal world, IoT devices would be a lot more secure than they are today. However, it’s not likely IoT cybersecurity issues will be addressed in a meaningful way anytime soon. In the meantime, Barranco said DDoS attacks are not likely to cripple the internet, but they are literally becoming a much bigger problem for all concerned.