News

Microsoft Outlines Efforts to Protect Azure Users from Denial of Service Attacks

• By Kurt Mackie
• 01/25/2022

Microsoft on Tuesday offered its own report card on the blocking of distributed denial of service (DDoS) attacks on Azure services customers, as tallied from stats from latter half of 2021.

There were "359,713 unique [DDoS] attacks against our global infrastructure during the second half of 2021, a 43 percent increase from the first half of 2021," Microsoft indicated. The attacks mostly targeted service providers hosting online games, including Activision Blizzard, a company Microsoft is currently working to acquire.

Gaming Industry Targeted
Microsoft sadly noted that "the gaming industry has always been rife with DDoS attacks because players often go to great lengths to win."

Other DDoS targets include financial services companies, media organizations, plus supply-chain and retail businesses. Voice-over-IP service providers are targets, too, particularly during the holidays.

However, in 2021, the greatest number of attacks occurred in August, rather than during the holidays. That change in behavior possibly suggests that DDoS attackers now work "year round," Microsoft suggested. Attackers can now rent "DDoS for-hire services" for as little as $300 per month, it added.

DDoS attackers mostly target organizations in the United States (54 percent), followed by India (23 percent) and East Asia (8 percent). Attacks on India jumped from 2 percent in 1Q 2021 to 23 percent in 2Q 2021.

The biggest DDoS attack happened in November. It consisted of 340 million packets per second getting sent, using 3.47 terabytes per second throughput. It was perhaps "the largest attack ever reported in history," Microsoft indicated. This 15-minute attack was launched from 10,000 sources in multiple countries, targeting "UDP [User Datagram Protocol] reflection on port 80."

UDP is the protocol typically used by streaming services and gaming applications. Microsoft found that UDP spoof flood attacks represented "55 percent of all attacks" in the second half of 2021. Multiplayer game servers particularly can't handle "short-burst UDP attacks," Microsoft indicated.

Most DDoS attacks are short. However, attacks lasting more than one hour doubled in the second half of 2021, "from 13 percent to 27 percent."

Azure Protections
Microsoft claimed that Azure customers have less worries on protecting workloads from DDoS attacks compared with organizations using their own infrastructure.

Azure's DDoS protection platform, built on distributed DDoS detection and mitigation pipelines, can scale enormously to absorb the highest volume of DDoS attacks, providing our customers the level of protection they need. The service employs fast detection and mitigation of large attacks by continuously monitoring our infrastructure at many points across the Microsoft global network. Traffic is scrubbed at the Azure network edge before it can impact the availability of services. If we identify that the attack volume is significant, we leverage the global scale of Azure to defend the attack from where it is originating.

Some specific technologies add protection against DDoS attacks. Microsoft pointed to an inline DDoS protection capability, currently offered at preview through partner network virtual appliances, as protecting latency-sensitive applications.

Microsoft also recommended combining the DDoS Protection Standard with "Application Gateway web application firewall (WAF), or a third-party web application firewall" to protect against "L3-L7 attacks." It's a scenario for Azure Front Door users, as well as platform-as-a-service users, and organizations using their own backend resources. Organizations can use Azure Firewall Manager to manage the DDoS Protection Standard on virtual networks.