Akamai Blocks a Doozie of a DDoS Attack

Akamai, which runs a massive content distribution network (CDN), is ideally situated to observe and react to cyberattacks. It operates hundreds of thousands of points of presence all around the world, so it can detect trouble before anyone else even knows there’s a problem. So it was on September 5, when Akamai observed and thwarted a massive distributed denial-of-service (DDoS) attack targeting a large American financial institution. (Disclosure: I previously worked as a contract writer for Akamai.)

As Akamai explained, there is usually only a small amount of legitimate traffic coming to this company’s site from within the United States. However, in just two minutes, the target was on the receiving end of 633.7 gigabits of traffic per second (Gbps) and 55.1 million packets per second (Mpps) from all over the world. Sources included Bulgaria, Brazil, China, India, Thailand, Russia, Ukraine, Vietnam, and Japan.

Akamai’s Prolexic DDoS defense platform blocked an attack that combined ACK, PUSH, RESET, and SYN flood vectors. The attack was directed at the target’s main web landing page. The likely intent was to disrupt its online banking. However, with Akamai’s intervention, the incident didn’t harm or disrupt services. If Prolexic had not been functioning, the attack would probably have stopped the company’s operations for a period of time. DDoS attacks are also often a smokescreen for implanting malware, so the target likely avoided that fate as well.

This incident is a reminder of how potent and commonplace DDoS attacks have become. They may not be fancy or technologically interesting, but they are potentially devastating. Financial services, in particular, remains a popular target. Nearly a third of the DDoS attacks detected by Akamai have targeted financial services firms. Akamai stated, “Financial institutions are a key pillar of an economy, and targeting such businesses often has a larger impact on the overall economy.”

Akamai’s report on the attack also revealed some interesting facts about the DDoS trend. It turns out that Bulgaria, of all places, is the number one source of DDoS traffic—clocking in at 999.56 Gigabytes in a 24-hour period.

Industry experts warned that DDoS should be a concern for everyone, however. According to Emily Phelps, Director, Cyware, “While financial institutions should pay close attention to the escalating attacks aimed at banks, enterprises across all sectors should take notice and ensure they have appropriate protections in place. Threat actors are not loyal to hitting one particular industry if the opportunity presents itself elsewhere. As DDoS attacks grow in scale and frequency, organizations must adopt more proactive measures to safeguard against such threats. Enterprises should regularly evaluate their risks and vulnerabilities and stay updated on the latest DDoS tactic, updating their defenses accordingly.”

Dave Ratner, CEO, HYAS, weighed in as well, saying, “The attack highlights that a chain is only as strong as its weakest link — in this case, one user likely following a malicious link amongst the hundreds that were delivered. Even the smartest of professionals will occasionally make mistakes or be fooled. It has never been clearer that Protective DNS solutions, capable of catching that mistake when a user clicks on a nefarious link, are required as part of a depth-in-depth strategy.”

Akamai concluded its report with guidance on minimizing DDoS risks. Suggestions included reviewing CISA recommendations and reviewing critical subnets and IP spaces to ensure that mitigation controls are in place. It was a reminder that while DDoS attacks are very serious, they can also be mitigated if targets take appropriate steps.