Largest ever DDoS attack on Azure reveals the pros and cons of megaclouds: Is the public cloud dangerous?
Microsoft's Azure Networking team has shared how Microsoft Azure prevented one of the largest distributed denial of service (DDoS) attacks in the history of the Internet.
The largest attack ever against a single Azure IP had previously been a 1Tbps attack in Spring 2020. The attack in August 2021 was 2.4Tbps, more than twice as large as the one in Spring 2020. It surpasses all network attacks ever detected on Azure in terms of scale.
Alethea To (program manager) and Saeed Pasha (principal network engineer) of the Azure Networking team estimated that the attack traffic originated from about 70,000 sources and said it was launched from multiple countries in Asia Pacific (APAC) and from the United States.
The UDP reflection attack lasted more than 10 minutes and was accompanied by three short bursts that spiked over several seconds. The peak was 2.4Tbps for the first, 0.55Tbps for the second, and 1.7Tbps for the third.
"Azure's DDoS Protection is built on a distributed pipeline of DDoS detection and mitigation, and can absorb DDoS attacks of tens of Tbit scale. Expanding this mitigation capacity to absorb DDoS and provide the necessary protection for
This attack was successfully mitigated by Azure's DDoS control plane. Resources were dynamically allocated in locations physically close to the source of the attack. This prevented malicious traffic from reaching customer regions. The logic kicks in when traffic volumes are detected to deviate significantly from the baseline, mitigating and preventing collateral damage within seconds.
"Internet-facing workloads, whether in the cloud or on-premises, are vulnerable to DDoS attacks. With Azure's global absorption and advanced mitigation logic, there was no user impact or downtime."
Ilia Korochenko, founder of ImmuniWeb and member of Europol's Data Protection Experts Network, said the attack is an excellent example of how much can be gained from the capabilities of major public cloud providers.
Mr. Korochenko commented in an interview with Computer Weekly. “Even if you are protected by a cloud-based DDoS mitigation solution, it does not eliminate the possibility of intrusion on-premises. I have witnessed examples of abandoning part of the
"Public clouds from major providers, especially 'Amazon Web Services' and Azure, offer perhaps the most comprehensive and efficient DDoS protection for users. Premium features are very expensive, but they achieve surprisingly higher cost performance than other solutions."
Many people cite cybersecurity and compliance as reasons for not migrating data to the public cloud. However, a properly configured and hardened cloud infrastructure also enhances security for all users through better automation and incident response capabilities, Korochenko added.