Akamai shares details of Asia’s record-breaking DDoS attack

Attack was distributed across Akamai's network, with most action seen in APAC, and the top locations were Hong Kong, Tokyo, São Paulo, Singapore, and Osaka

Cloud company Akamai has revealed details of the largest recorded DDoS attack ever launched against a customer based in Asia.

The attack, which lasted only a few minutes, peaked at a staggering 900.1 gigabits per second and 158.2 million packets per second, making it one of the most intense and short-lived attacks in recent times.

In a DDoS attack, the attacker floods the target's network with unwanted internet traffic, rendering it inaccessible to legitimate users. To counter the attack and safeguard its customers, Akamai Prolexic, a cloud-based DDoS scrubbing platform, was deployed to pre-mitigate the assault. This dedicated defence platform, which can scale to several times the size of the largest publicly reported attacks, was activated after an optimised DDoS incident response plan was launched by frontline responders.

Over 225 frontline responders across six global locations, with decades of expertise mitigating the most sophisticated attacks for the world's largest, most-demanding organisations, were involved in stopping the attack. The attack was distributed across Akamai's scrubbing network, with all 26 scrubbing centres in Akamai's fleet witnessing some amount of attack traffic.

However, most of the attack traffic was sourced from the Asia Pacific (APAC) region, with 48% of the traffic in-region. The top locations were Hong Kong, Tokyo, São Paulo, Singapore, and Osaka.

Akamai reported no collateral damage for the customer. The attack traffic patterns returned to normal after a few minutes, and the customer's services were restored without disruption.

DDoS attacks ramp up in region

"The recent DDoS attack that Akamai mitigated in Asia serves as an important reminder that DDoS continues to be a pervasive threat that organisations here need to pay attention to. DDoS attacks continue to ramp up in the region because virtually every business is an online business today," says Parimal Pandya, Managing Director, Asia Pacific and Japan, Akamai.

"Customer experiences online are negatively impacted when a DDoS attack renders a site inaccessible and connection is compromised. This inaccessibility jeopardises consumer trust, and consistent disruptions will see them turning to alternative avenues instead," says Pandya.

In the wake of heightened operational risk, having a proven DDoS mitigation strategy is imperative for online businesses to thrive. To stay ahead of the latest threats, Akamai recommends the following:

  • Immediately review and implement cybersecurity recommendations and guidelines issued by the local government
  • Review critical subnets and IP spaces and ensure that they have mitigation controls in place
  • Deploy DDoS security controls in an always-on mitigation posture as a first layer of defence to avoid an emergency integration scenario and to reduce the burden on incident responders. Organisations without a trusted and proven cloud-based provider are advised to start their search for one.
  • Proactively pull together a crisis response team and ensure incident response plans are up to date, including go-to contacts, and that a runbook is available to provide guidance on procedures and operations that need to be carried out in the event of a cyberattack.

"DDoS attacks have increased consistently in APAC, both in size and frequency, over the past couple of years and have become a serious threat to business growth and stability. As organisations across all verticals conduct their business online, attackers seek to disrupt and degrade customer experience and the reputation of these businesses for financial gain," says Dean Houari, Director of Security Technology and Strategy, Asia Pacific and Japan, Akamai.

"Specifically, cybercriminals continue to deploy DDoS as part of multi-faceted attacks to divert customer attention from data breaches and ransomware, or to coerce ransom payments," says Houari. "Thus, it is critical that organisations adopt the right DDoS security solution to detect and mitigate attacks at scale, while having the right teams to monitor such attacks, as suggested in the guidance on minimising DDoS risks."
