On July 15, 2024, Akamai successfully thwarted one of the largest distributed denial-of-service (DDoS) attacks it has ever encountered, targeting a major financial services company in Israel. This unprecedented assault, lasting nearly 24 hours, resulted in the mitigation of 419 terabytes of malicious traffic.
The DDoS campaign, noted for its sophistication and scale, began at 8:05 UTC (10:05 AM local time) and utilized a diverse array of attack vectors, including UDP flood, UDP fragmentation, DNS reflection, and PSH+ACK attacks. The attack emanated from a globally distributed botnet, targeting over 278 IP addresses, indicative of a highly coordinated and resourceful aggressor.
Anatomy of the attack
The attack's magnitude ranged from 300 to 798 gigabits per second (Gbps), placing it among the largest DDoS incidents handled by Akamai’s Prolexic platform. Although it did not surpass the record 1.44 terabits per second (Tbps) peak, it ranks as the sixth-largest attack by peak traffic that Akamai has managed, and it was sustained far longer than most.
The primary attack window spanned three hours, during which 389 terabytes of traffic were blocked. The entire 24-hour period saw Prolexic mitigating approximately 419 terabytes of malicious data. This prolonged duration underscores the attack's severity, as typical DDoS assaults are short-lived, aiming to disrupt services quickly and cost-effectively.
Threat landscape
The targeted financial services company, repeatedly hit since Q4 2023 amidst the Israel-Hamas conflict, faced 27 significant DDoS attacks over the past 90 days, all mitigated by Akamai. This attack wave tested and exceeded the defense capabilities of many cybersecurity vendors, revealing vulnerabilities that sophisticated aggressors could exploit in future attacks.
The targeted entity is a major player in Israel's financial sector, and the attack on it underscores the broader threat landscape facing financial institutions. The attack on July 15 was part of a larger pattern affecting multiple Israeli financial institutions, causing outages and downtime. These attacks highlight the aggressor's capability to direct substantial resources against chosen targets, a capability that could extend beyond Israel and beyond the financial sector.
Defense strategies
To counter such potent DDoS threats, businesses and organizations must reevaluate their DDoS defenses. Akamai's Prolexic platform, which effectively mitigated the July 15 attack, provides a robust defense framework. Key recommendations for enhancing DDoS defense include:
- Conduct comprehensive risk assessments of existing DDoS mitigation services.
- Ensure critical subnets and IP spaces have robust mitigation controls.
- Deploy always-on DDoS security controls to reduce response times and operational burdens during attacks.
- Implement an edge-based network cloud firewall to block unwanted traffic globally.
- Deploy authoritative DNS solutions and DNS proxy solutions to protect against DNS-focused DDoS attacks.
- Develop and maintain an incident response plan with clear roles, communication channels, and predefined mitigation strategies.
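As an added example (not Akamai's or the article's own code), the following Python sorts constructed NetFlow-style records into the four vector classes the article names (UDP flood, UDP fragmentation, DNS reflection, PSH+ACK) and totals the bytes each contributed in a one-second bucket, which is the kind of per-vector breakdown a defender needs when checking that mitigation controls cover each vector. The record layout, the sample values and the one-second window are assumptions for illustration.

```python
# Added example: per-vector breakdown of constructed flow records.
from collections import defaultdict

# Constructed sample flow records (one-second bucket):
# (proto, src_port, dst_port, tcp_flags, fragmented, bytes). Values are made up.
SAMPLE_FLOWS = [
    ("udp", 53, 41234, "", False, 3_500_000),   # large answers from port 53: DNS reflection
    ("udp", 53, 50001, "", False, 2_900_000),
    ("udp", 0, 0, "", True, 4_200_000),         # non-initial fragments carry no ports
    ("udp", 33001, 443, "", False, 6_000_000),  # generic UDP flood at a service port
    ("tcp", 44001, 443, "PA", False, 1_800_000),  # PSH+ACK flood
    ("tcp", 44002, 443, "S", False, 60_000),    # ordinary SYN, left as "other"
]

def classify(flow):
    """Map one flow record to a vector class named in the article, or 'other'."""
    proto, sport, _dport, flags, fragmented, _ = flow
    if proto == "udp" and fragmented:
        return "udp_fragmentation"
    if proto == "udp" and sport == 53:
        return "dns_reflection"  # amplified responses arriving from open resolvers
    if proto == "udp":
        return "udp_flood"
    if proto == "tcp" and flags == "PA":
        return "psh_ack"
    return "other"

def bytes_by_vector(flows):
    """Total bytes per vector class for the bucket."""
    totals = defaultdict(int)
    for f in flows:
        totals[classify(f)] += f[5]
    return dict(totals)

def gbps(byte_count, window_s=1.0):
    """Convert bytes seen in the window to gigabits per second."""
    return byte_count * 8 / window_s / 1e9

def dominant_vector(flows):
    """Vector class carrying the most bytes, ignoring unclassified traffic."""
    totals = {k: v for k, v in bytes_by_vector(flows).items() if k != "other"}
    return max(totals, key=totals.get)

if __name__ == "__main__":
    for vector, nbytes in sorted(bytes_by_vector(SAMPLE_FLOWS).items()):
        print(f"{vector:18s} {gbps(nbytes):.4f} Gbps")
    print("dominant:", dominant_vector(SAMPLE_FLOWS))
```

Against real collector output the same breakdown is what the risk assessment above would compare against the mitigation controls configured for each vector.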