Microsoft this week revealed that it had fended off a record number of distributed denial-of-service (DDoS) attacks aimed at its customers in 2021, three of which surpassed 2.4 terabit per second (Tbps).

One of the DDoS attacks took place in November, targeting an unnamed Azure customer in Asia and lasted a total of 15 minutes. It hit a peak throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), making it the largest attack ever reported in history.

"This was a distributed attack originating from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan," Alethea Toh, product manager of Azure Networking, said.


DDoS attacks occur when several compromised devices are employed as a conduit to overwhelm a targeted server, service, or network with a flood of internet traffic with the goal of overloading the systems and disrupting its regular services.

Then in December, Microsoft said it blocked two more attacks that surpassed 2.5 Tbps, both of which were aimed at customers in Asia. The first of the attacks was a 3.25 Tbps UDP attack, while the other intrusion was a 2.55 Tbps UDP flood that lingered for just a little over five minutes.

The report comes more than three months after the tech giant disclosed it acted to blunt a 2.4 Tbps DDoS attack in August 2021 targeting a European customer. Other previous record-breaking attacks include a 2.5 Tbps DDoS attack absorbed by Google in September 2017 and a 2.3 Tbps volumetric strike aimed at Amazon Web Services in February 2020.

Microsoft said it observed a rise in attacks that lasted longer than an hour in the second half of 2021, whereas the proportion of short-lived attacks that were 30 minutes or less dropped from 74% to 57%. That said, the longer duration assaults are experienced as a sequence of multiple short, repeated burst attacks.


The company also said it mitigated an average of 1,955 attacks per day, with a maximum of 4,296 attacks recorded in a single day on August 10, 2021. For the entirety of H2 2021, no fewer than 359,713 unique attacks against its infrastructure were blocked, a 43% increase from the first half of 2021.

The gaming industry emerged as the hardest hit sector, followed by financial institutions, media, internet service providers (ISPs), retail, and supply chain entities. Most of the targeted organizations were located in the U.S., India, East Asia (Hong Kong), Brazil, the U.K., South Korea, Japan, Australia, and the U.A.E.

"We saw a sharp uptick in attacks in India, from just 2% of all attacks in the first half of 2021 to taking the second position at 23% of all attacks in the second half of 2021," Toh said. "Another driving factor may be that the acceleration of digital transformation, for example, the 'Digital India' initiative, has increased the region's overall exposure to cyber risks."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.