Microsoft says Azure was hit with a massive DDoS attack launched from over 500,000 IP addresses

Microsoft recently revealed that its Azure cloud platform successfully mitigated what it described as the largest Distributed Denial of Service (DDoS) attack ever recorded in the cloud sector. This massive assault targeted a single endpoint based in Australia and involved over 500,000 unique IP addresses. The attack was launched by the Aisuru botnet, a Mirai-class Internet of Things (IoT) botnet, leveraging more than 300,000 compromised devices globally. The sheer scale of the attack was staggering, with peak traffic reaching 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps), making it a multi-vector assault of unprecedented size. Most of the infected devices involved in the attack are located within residential internet service provider (ISP) networks in the United States. The Aisuru botnet operates similarly to the notorious Mirai botnet, which has been active for almost a decade by exploiting vulnerabilities in IoT devices such as home routers, DVRs, smart cameras, and other internet-connected consumer electronics. These compromised devices are then used to flood targeted servers with malicious traffic, overwhelming them and causing service disruptions. Despite the enormity of the attack, Microsoft’s globally distributed Azure DDoS Protection infrastructure, combined with continuous detection and filtering capabilities, effectively neutralized the assault. Microsoft confirmed that the attack traffic was filtered and rerouted, allowing customer workloads to remain accessible without interruption. This successful defense highlights the critical role of advanced mitigation technologies in protecting cloud services against ever-growing cyber threats. Aisuru has been gaining notoriety recently, having also targeted other high-profile victims. For instance, the gaming hosting provider Gcore suffered one of the largest DDoS attacks on record before this event. Gcore reported a short but intense volumetric flood, peaking at 6 Tbps and 5.3 billion pps over 30 to 45 seconds, with over half of the malicious traffic originating from Brazil and a significant portion from the United States. The attack characteristics closely matched those of the Aisuru botnet, reinforcing concerns about its persistence and evolving capabilities. Microsoft cautions that this might just be the beginning, warning that DDoS attacks are likely to escalate in size and frequency. As internet speeds improve and fiber-optic connectivity expands into residential areas, the baseline for attack traffic is expected to rise accordingly. Coupled with the growing number of increasingly powerful IoT devices, attackers have a larger arsenal to amplify their assaults. This trend underscores the urgent need for ongoing investment in defensive technologies and careful monitoring of emerging botnet threats. In conclusion, Microsoft’s experience with the Aisuru botnet underlines the evolving threat landscape posed by IoT-based DDoS attacks. The company's ability to successfully mitigate such an enormous attack demonstrates the effectiveness of modern cloud-based protection systems, but the warning signs about future risks remain clear. Organizations relying on cloud services must stay vigilant and proactive in adopting robust cybersecurity measures to withstand these growing cyber onslaughts.