
Microsoft parries record-breaking DDoS attack with 15.72 TBit/s – a look behind the scenes

In an age of growing digital attack surfaces, a DDoS attack with more than 15 terabits per second is not only a technical challenge, but also a geopolitical statement. On October 24, Microsoft Azure’s infrastructure became the target of an unprecedented attack, with a load of exactly 15.72 TBit/s and a packet rate of 3.64 billion packets per second. This is no stray test balloon, but a demonstration of power in the digital space.

The attack was carried out by a botnet called Aisuru, a particularly aggressive member of the Mirai family. These digital zombie armies consist of compromised IoT devices, such as poorly secured home routers or surveillance cameras, which are scattered around the world but centrally controlled. Over 500,000 different source addresses from multiple regions fired synchronously at a single IP address, an endpoint in Australia that belonged to the Azure cloud. The aim was obviously not to cause widespread disruption, but to paralyze a specific point. Unlike many DDoS attacks, where attackers rely on IP spoofing to cover their tracks, this attack used only a small proportion of spoofed source addresses. The remaining packets came from actual devices with verifiable origins. This is not only bold, but also indicative of the self-confidence of modern attackers, who are no longer afraid of being seen as long as the effect is right.

Microsoft responded with the full range of its automated protection systems. Azure’s DDoS protection recognized and isolated the malicious data streams almost in real time. The affected service remained available and, according to Microsoft, customers did not notice any interruption. This is technically impressive, but no reason to sound the all-clear: with the increased performance of home connections (keyword: gigabit fiber optics), the exponential spread of IoT devices and the lack of security standards in mass production, the attack capacity of such botnets is also increasing. You could say that the attackers are scaling with the network. The more bandwidth and devices, the greater the attack potential. Cloud providers such as Microsoft, AWS and Google therefore find themselves in an asymmetrical war: they have to invest billions in defense, while an attacker with a few tens of thousands of devices and open software can start a digital conflagration.

In June, competitor Cloudflare reported a peak value of 7.3 TBit/s in a DDoS attack. In September, it was already 11.5 TBit/s. Microsoft’s 15.72 TBit/s thus marks a worrying trend: the maximum DDoS performance has more than doubled in just five months. And there are no signs that this trend is slowing down. On the contrary: attacks beyond 20 TBit/s are likely to soon be a reality. If you look at the cost-benefit analysis of such attacks, it becomes clear that the barriers to entry are falling. DDoS-as-a-Service is available on the Darknet for comparatively low prices. Companies, on the other hand, have to dig deep into their pockets to even begin to protect themselves, be it through content delivery networks, geo-redundant infrastructure or specialized defence mechanisms. An unequal battle.

The industry is at a crossroads. Without regulatory intervention, for example through mandatory security standards for IoT manufacturers, the situation will continue to worsen. Routers without firmware updates, cameras with default passwords and a lack of network segmentation are not just a problem for the end customer, but a systemic risk for the entire internet.

Conclusion

Microsoft has retained control in this case. However, this was no accident, but the result of massive investment in a resilient cloud infrastructure. The next stage of escalation is unlikely to be long in coming and not every provider will be able to withstand it.

Source: Heise

 

Comments

SpotNic

Veteran

1,616 comments 788 likes

Maybe you should at least check your posts for consistency before publishing them. According to the other post, the 20 TBit/s mark has already been exceeded ;)

peru3232

Newcomer

4 comments 3 likes

I claim the opposite. It is precisely these "regulatory interventions" that got us into this situation. They are responsible for the deliberate and planned security holes that allow the CIA etc. to gain access everywhere. Without them, much would not be possible, or would have been closed long ago. That is why it is predominantly American companies that are affected, which have to accept exactly this in silence. Or other "Western" ones that don't want to end up on the hit list...


About the author

Samir Bashir

As a trained electrician, he's also the man behind the electrifying news. Learning by doing and curiosity personified.
