fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Mitigated a Record 3.47 Tbps DDoS Attack on Azure Users

Microsoft Mitigated a Record 3.47 Tbps DDoS Attack on Azure Users

Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second (Tbps) distributed denial of service (DDoS) attack targeting an Azure customer from Asia in November.

Two more large size attacks followed this in December, also targeting Asian Azure customers, a 3.25 Tbps UDP attack on ports 80 and 443 and a 2.55 Tbps UDP flood on port 443.

“In November, Microsoft mitigated a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps), targeting an Azure customer in Asia. We believe this to be the largest attack ever reported in history,” said Alethea Toh, an Azure Networking Product Manager.

Also Read: How To Anonymised The Data: What Are The Importance Of This?

“This was a distributed attack originating from approximately 10,000 sources and from multiple countries across the globe, including the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan.”

The 15 minutes attack used multiple attack vectors for UDP reflection on port 80, including:

  • Simple Service Discovery Protocol (SSDP),
  • Connection-less Lightweight Directory Access Protocol (CLDAP),
  • Domain Name System (DNS),
  • and Network Time Protocol (NTP)

Previous record-breaking publicly reported DDoS attacks were a 21.8 million requests per second (rrps) application layer assault that hit the Russian internet giant Yandex in August and a 2.3 Tbps volumetric strike detected by Amazon Web Services Shield during Q1 2020.

Google Security Reliability Engineer Damian Menscher also revealed two years ago that Google mitigated a 2.54 Tbps DDoS in 2017.

3.47 Tbps attack
3.47 Tbps Azure DDoS attack (Microsoft)

“Largest attack ever reported in history”

The November 3.47 Tbps attack was the largest one the company had to face to date (and likely ever recorded), after previously reporting that it mitigated another record 2.4 Tbps attack targeting a European Azure customer during late August.

Also Read: Trusted Data Sharing Framework IMDA Announced In Singapore

Microsoft saw a rise in attacks that lasted longer than an hour in the second half of 2021, while multi-vector attacks such as the record one mitigated in November were prevalent.

These more prolonged DDoS attacks usually come as a sequence of short-lived, repeated burst attacks quickly ramping up (in seconds) to terabit volumes.

“Gaming continues to be the hardest hit industry. The gaming industry has always been rife with DDoS attacks because players often go to great lengths to win,” Toh added.

“The concentration of attacks in Asia can be largely explained by the huge gaming footprint10, especially in China, Japan, South Korea, Hong Kong, and India, which will continue to grow as the increasing smartphone penetration drives the popularity of mobile gaming in Asia.”

Microsoft also defended customers against new TCP PUSH-ACK flood attacks (dominant in the East Asia region) during the 2021 holiday season.

“We observed a new TCP option manipulation technique used by attackers to dump large payloads, whereby in this attack variation, the TCP option length is longer than the option header itself,” Toh said.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us