Akamai Blocks 419 TB of Malicious Traffic in Major 24-Hour DDoS Attack
Executive Summary
On July 15, 2024, Akamai thwarted one of the largest and most sophisticated distributed denial-of-service (DDoS) attacks ever recorded. Targeting a major financial services company in Israel, the attack lasted nearly 24 hours and involved a massive volume of traffic. This incident underscores the growing threat of high-volume DDoS attacks and highlights the need for robust cybersecurity measures.
Anatomy of the Attack
The attack began at 8:05 UTC (10:05 AM local time) on July 15, 2024, and combined several attack vectors: UDP flood, UDP fragmentation, DNS reflection, and PSH+ACK floods. Originating from a globally distributed botnet, the attack peaked between 300 and 798 gigabits per second (Gbps). Although it did not surpass the largest attack ever recorded by Akamai Prolexic (1.44 Tbps), it ranked as the sixth-largest in terms of peak traffic.
The attack was notable not only for its volume but also for its duration. The main assault window lasted three hours, during which Akamai mitigated 389 terabytes of traffic. Over the full 24-hour period, approximately 419 terabytes of malicious traffic were blocked.
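To make the vectors and volumes above concrete from a defender's side, here is an added example that is not part of the Akamai report or of this post. It tags constructed NetFlow-style records with the four vectors named in the article (UDP flood, UDP fragmentation, DNS reflection, PSH+ACK), aggregates per target to get the source count, vector mix and rate in Gbps for a time window, and converts the article's terabyte figures into an average bit rate. The record fields, per-flow heuristics, thresholds, and sample addresses (RFC 5737 documentation ranges) are assumptions chosen for illustration, not Akamai's classification logic.

```python
"""
Added example: per-target DDoS vector summary over constructed flow records.
Heuristics and thresholds are illustrative assumptions, not Akamai's.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One flow record as a collector might export it (assumed field set)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str        # "udp" or "tcp"
    tcp_flags: str    # e.g. "PA" for PSH+ACK, "" for UDP
    fragmented: bool  # more-fragments flag set or non-zero fragment offset
    bytes: int
    packets: int


def classify(flow: Flow) -> str:
    """Map one flow to the vector it most resembles, or 'other'."""
    if flow.proto == "udp":
        if flow.fragmented:
            # Fragment trains force reassembly work on the victim.
            return "udp_fragmentation"
        avg_pkt = flow.bytes / max(flow.packets, 1)
        if flow.src_port == 53 and avg_pkt > 512:
            # Large responses from port 53 that the target never queried for:
            # the shape of reflected/amplified DNS. 512 B is the classic DNS
            # UDP payload limit without EDNS (assumed cut-off).
            return "dns_reflection"
        return "udp_flood"
    if flow.proto == "tcp" and flow.tcp_flags == "PA":
        # PSH+ACK without a preceding handshake. A real detector would check
        # connection state; flag-only matching is a simplification here.
        return "psh_ack"
    return "other"


def summarize(flows, window_seconds: float, gbps_threshold: float) -> dict:
    """Aggregate attack-shaped flows per destination for one time window."""
    per_dst = defaultdict(lambda: {"bytes": 0, "sources": set(), "vectors": Counter()})
    for f in flows:
        vector = classify(f)
        if vector == "other":
            continue
        entry = per_dst[f.dst_ip]
        entry["bytes"] += f.bytes
        entry["sources"].add(f.src_ip)
        entry["vectors"][vector] += f.packets
    report = {}
    for dst, e in per_dst.items():
        gbps = e["bytes"] * 8 / window_seconds / 1e9
        report[dst] = {
            "gbps": gbps,
            "sources": len(e["sources"]),
            "vectors": dict(e["vectors"]),
            "alert": gbps >= gbps_threshold,
        }
    return report


def average_gbps(terabytes: float, hours: float) -> float:
    """Average bit rate implied by a blocked-traffic total over a duration."""
    return terabytes * 1e12 * 8 / (hours * 3600) / 1e9


# Constructed one-second sample: five attack-shaped flows to one target plus
# one ordinary ACK flow to another host that should be ignored.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", 53, "203.0.113.5", 40001, "udp", "", False, 3_000_000, 2_000),
    Flow("192.0.2.11", 53, "203.0.113.5", 40002, "udp", "", False, 2_000_000, 1_500),
    Flow("192.0.2.12", 4444, "203.0.113.5", 80, "udp", "", True, 1_500_000, 1_000),
    Flow("192.0.2.13", 5555, "203.0.113.5", 443, "udp", "", False, 500_000, 5_000),
    Flow("192.0.2.14", 6666, "203.0.113.5", 443, "tcp", "PA", False, 400_000, 4_000),
    Flow("192.0.2.20", 51000, "203.0.113.9", 443, "tcp", "A", False, 20_000, 30),
]

if __name__ == "__main__":
    for dst, entry in summarize(SAMPLE_FLOWS, window_seconds=1.0, gbps_threshold=0.05).items():
        print(dst, entry)
    # The article's 389 TB in the 3-hour main window averages roughly 288 Gbps,
    # consistent with the reported 300-798 Gbps peak range.
    print(f"main window average: {average_gbps(389, 3):.1f} Gbps")
    print(f"24-hour average:     {average_gbps(419, 24):.1f} Gbps")
```

The per-flow heuristics are deliberately simple so that the aggregation step stays readable; in production the interesting signal is the combination the report computes (many distinct sources, several vectors at once, and a sustained rate above what the target normally sees), which is what distinguishes the kind of campaign described here from a single misbehaving client.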
A New DDoS Threat
The scale and duration of this attack suggest a highly resourceful aggressor with significant capabilities. This attack targeted over 278 IP addresses simultaneously, indicating a well-coordinated effort against multiple financial institutions. The attack’s intensity and duration reveal a sophisticated level of planning and execution.
The Situation in Israel
2024 has seen an unprecedented number of DDoS attacks against Israeli businesses and institutions, coinciding with regional conflicts. The targeted financial services customer had already faced 27 significant attacks in the past 90 days, all successfully mitigated by Akamai Prolexic. Prior to this attack, the largest recorded attack against this customer was 330 Gbps.
Who Is at Risk?
Organizations with on-premises DDoS defense systems or those relying solely on hosting provider defenses are at higher risk of being severely impacted by high-volume attacks. Effective DDoS protection requires robust, scalable solutions that can handle large-scale attacks without affecting legitimate traffic.
Minimizing Risk
To protect against similar future attacks, businesses should consider the following steps:
1. Assess Risk and Mitigation Services: Evaluate your current DDoS defenses and ensure they are adequate for handling large-scale attacks.
2. Deploy Always-On DDoS Security Controls: Implement continuous DDoS protection to avoid emergency integration and reduce response burdens.
3. Extend Security Posture: Use edge-based network cloud firewalls, like Akamai Prolexic, to block unwanted traffic globally and centrally.
4. Protect DNS Infrastructure: Deploy robust DNS solutions to defend against DNS-focused DDoS attacks.
5. Develop an Incident Response Plan: Create a comprehensive response plan with defined roles, communication channels, and mitigation strategies.
How TAC Security’s ESOF Products Can Help
TAC Security’s ESOF (Enterprise Security in One Framework) products provide comprehensive solutions to mitigate and prevent cyber threats, including DDoS attacks:
ESOF-VMP (Vulnerability Management Platform): ESOF-VMP manages and mitigates vulnerabilities across your entire IT environment. It provides detailed insights and actionable recommendations to strengthen your defenses, ensuring that vulnerabilities which could be exploited in a DDoS attack are addressed.
ESOF-AppSec (Application Security): ESOF-AppSec focuses on securing applications by identifying and resolving security weaknesses during development and deployment. By fortifying your applications, you reduce the risk of application-level vulnerabilities being targeted in a DDoS attack.
ESOF-CRQ (Cyber Risk Quantification): ESOF-CRQ offers a comprehensive assessment of your organization’s cyber risk posture. By quantifying potential risks and their impacts, it helps prioritize security measures and investments, enhancing your overall resilience against sophisticated attacks.
ESOF-VACA (Vulnerability Assessment and Configuration Assessment): ESOF-VACA continuously monitors and assesses your IT environment for vulnerabilities and potential threats. This proactive approach allows for early detection and remediation of risks before they can be exploited in a DDoS attack.
ESOF-PCI ASV (Payment Card Industry Approved Scanning Vendor): ESOF-PCI ASV helps ensure compliance with PCI DSS by performing regular security scans of your network. This compliance helps protect sensitive payment data from being targeted in cyberattacks, including DDoS.
Conclusion
The July 15 attack demonstrates the escalating threat of sophisticated DDoS campaigns. Organizations must enhance their security measures and stay vigilant to protect against such high-volume attacks. Akamai’s Prolexic platform played a crucial role in mitigating this unprecedented attack, highlighting the importance of advanced DDoS protection solutions in today’s cyber threat landscape.