Unwrapping the 2023 holiday season: A deep dive into Azure’s DDoS attack landscape


As the holiday season of 2023 unfolded, it brought not only cheer and celebration but also a surge in Distributed Denial-of-Service (DDoS) attacks. This year’s trends in DDoS attacks reveal a complex and evolving threat landscape. From misconfigured Docker API endpoints enabling botnet delivery to the emergence of NKAbuse malware exploiting blockchain technology for DDoS attacks, the tactics and scale of these attacks have shown significant sophistication and diversification.

The 2023 holiday season attack landscape in Azure

In our monitoring of the attack landscape during the holiday season, we observed a notable shift in some of the attack patterns compared to the previous year. This change underscores the relentless efforts of malicious actors to refine their threat tactics and attempt to circumvent DDoS protection strategies.

Daily Attack Volume: Azure’s robust security infrastructure automatically mitigated a peak of 3,500 attacks daily. Notably, large-scale attacks, exceeding 1 million packets per second (pps), constituted 15%-20% of these incidents.*

Figure 1: Number of daily DDoS attacks towards resources in Azure (red area: large attacks; blue area: smaller attacks).

Geographical origins: A shift in attack origins was observed, with 43% originating from China and 18% from the USA.* This marks a change from the previous year, when both countries were equally represented as source locations.

Figure 2: Source countries for DDoS attacks on Azure.

Attack protocols: The 2023 holiday season saw a predominant use of UDP-based attacks, targeting gaming workloads and web applications, accounting for 78% of the attacks. These include UDP reflected/amplified attacks, which predominantly leverage domain name system (DNS) and simple service discovery protocol (SSDP), as well as quick UDP internet connections (QUIC) for reflection purposes. Notably, QUIC is emerging as a more common attack vector, either by reflection or by DDoS stressers that utilize UDP port 443 randomly. This year’s holiday season attack patterns contrast sharply with the previous year, when TCP-based attacks dominated with 65% of all attacks.*

Figure 3: Attack protocols distribution (left: share of UDP- vs TCP-based attacks; right: share by attack protocol, DNS first, followed by SSDP, QUIC and the rest).

Record-breaking attack: A staggering UDP attack, peaking at 1.5 terabits per second (Tbps), targeted a gaming customer in Asia. This attack, originating from China, Japan, the USA, and Brazil, was highly randomized, involving many source IPs and ports, yet was fully mitigated by Azure’s defenses.

Botnet evolution: In the past year, cybercriminals increasingly leveraged cloud resources, particularly virtual machines, for DDoS attacks. This trend continued to evolve during the holiday season, with attackers trying to exploit discounted Azure subscriptions globally. From mid-November 2023 until the end of the year, we monitored compromised account attempts in 39 Azure regions, with Europe and the USA being the primary targets, accounting for about 67% of these incidents.* Azure’s defense mechanisms successfully neutralized these threats.

Figure 4: Azure regions where attempts to exploit resources for DDoS attacks occurred.

Contextualizing the threat

The 2023 DDoS attack trends in Azure mirror global patterns. Attacks are becoming politically motivated, as we highlighted earlier last year, fueled by geopolitical tensions.

The emergence of DDoS-for-hire services, commonly known as “stressers” and “booters”, remains popular amongst attackers. These platforms, readily available on cybercriminal forums, have democratized the ability to launch powerful DDoS attacks, making them accessible to less sophisticated criminals for minimal costs. Recent years have seen an uptick in the availability and usage of these services, confirmed by global law enforcement agencies through operations like Operation PowerOFF, which last year in May targeted 13 domains associated with DDoS-for-hire platforms. Despite these efforts, stressers continue to thrive, offering a range of attack methods and power, with some capable of attacks up to 1.5 Tbps.

Cloud power: Combating the evolving DDoS threats

The emergence of botnets at scale and DDoS-for-hire services poses a significant risk to online services and business operations. To combat these threats, more cloud computing power is needed to absorb the leading wave of the attack until patterns can be identified, spurious traffic diverted, and legitimate traffic preserved. When tens of thousands of devices constitute an attack, the cloud is our best defense, due to the scale needed to mitigate the largest attacks. In addition, due to the global distribution of the cloud, closer proximity helps to block attacks closest to their sources.

Ensuring robust protection

In an era where digital threats are constantly evolving, ensuring robust protection against DDoS attacks has never been more critical. Here’s how Azure’s comprehensive security solutions are designed to safeguard your digital infrastructure.

DDoS Protection Service: With the high risk of DDoS attacks, it’s essential to have a DDoS protection service like Azure DDoS Protection. This service provides always-on traffic monitoring, automatic attack mitigation upon detection, adaptive real-time tuning, and full visibility into DDoS attacks with real-time telemetry, monitoring, and alerts.

Multi-Layered Defense: For comprehensive protection, set up a multi-layered defense by deploying Azure DDoS Protection with Azure Web Application Firewall (WAF). Azure DDoS Protection secures the network layer (Layer 3 and 4), while Azure WAF safeguards the application layer (Layer 7). This combination provides protection against various types of DDoS attacks.

Alert Configuration: Azure DDoS Protection can identify and mitigate attacks without user intervention. Configuring alerts for active mitigations can keep you informed about the status of protected public IP resources.
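The three steps above (enable the protection service on the network, keep the Layer 3/4 and Layer 7 controls separate, and alert on active mitigations) as an added PowerShell example using the Az module; this is not code from the Azure blog post. The resource group, region, VNet, public IP and action group names are assumed placeholders, and the WAF policy from the Layer 7 step is deployed separately and not shown here.

```powershell
# Added example (not from the Azure blog post): enable Azure DDoS Protection on a
# virtual network and alert when a protected public IP is under active mitigation.
# Resource group, region and resource names below are assumed placeholders.
$rg       = 'rg-web-prod'
$location = 'westeurope'

# 1. Create the DDoS protection plan (one plan can cover several VNets).
$plan = New-AzDdosProtectionPlan -ResourceGroupName $rg -Name 'ddos-plan-prod' -Location $location

# 2. Attach the plan to the VNet. Every public IP in the VNet is then covered at
#    Layers 3 and 4 with always-on monitoring and automatic mitigation.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-web-prod'
$vnet.DdosProtectionPlan    = New-Object Microsoft.Azure.Commands.Network.Models.PSResourceId
$vnet.DdosProtectionPlan.Id = $plan.Id
$vnet.EnableDdosProtection  = $true
$vnet | Set-AzVirtualNetwork | Out-Null

# 3. Alert on active mitigation. 'IfUnderDDoSAttack' is the public IP metric
#    "Under DDoS attack or not": 1 while a mitigation is active, otherwise 0,
#    so any maximum above 0 inside the 5-minute window means mitigation started.
$pip = Get-AzPublicIpAddress -ResourceGroupName $rg -Name 'pip-web-frontend'
$ag  = Get-AzActionGroup     -ResourceGroupName $rg -Name 'ag-secops'   # assumed existing action group

$underAttack = New-AzMetricAlertRuleV2Criteria -MetricName 'IfUnderDDoSAttack' `
    -TimeAggregation Maximum -Operator GreaterThan -Threshold 0

Add-AzMetricAlertRuleV2 -Name 'ddos-mitigation-active' -ResourceGroupName $rg `
    -TargetResourceId $pip.Id -Condition $underAttack -ActionGroupId $ag.Id `
    -WindowSize 00:05:00 -Frequency 00:01:00 -Severity 1 `
    -Description 'Azure DDoS Protection is actively mitigating an attack on pip-web-frontend'

# 4. Verify the association: EnableDdosProtection must be True and DdosPlan non-empty.
Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-web-prod' |
    Select-Object Name, EnableDdosProtection, @{ n = 'DdosPlan'; e = { $_.DdosProtectionPlan.Id } }
```

Given that 78% of the season's attacks were UDP-based, the same two cmdlets can add a second rule on the public IP metric `DDoSTriggerUDPPackets` to see how close inbound UDP traffic is running to the mitigation trigger before an attack is declared.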


2024: Rising against DDoS threats

The 2023 holiday season has underscored the relentless and evolving threat of DDoS attacks in the cyber landscape. As we transition into the new year, it becomes crucial for organizations to enhance and adapt their cybersecurity strategies. This season should be a learning curve, focusing on fortifying defenses against such DDoS attacks and staying vigilant against new tactics. The resilience of Azure against these sophisticated DDoS threats highlights the critical need for robust and adaptive security measures, not just in protecting digital assets but also in ensuring uninterrupted business operations.


* Based on internal data

The post Unwrapping the 2023 holiday season: A deep dive into Azure’s DDoS attack landscape appeared first on Microsoft Azure Blog.