Navigating the 2024 holiday season: Insights into Azure's DDoS defense | Microsoft Azure Blog

The 2024 holiday season revealed a complex and evolving threat landscape for distributed denial-of-service (DDoS) attacks. This year's trends included advanced tactics such as an increase in DDoS-for-hire operations, the assembly of massive DDoS botnets by script kiddies, politically motivated attack campaigns, and the bypassing of CDN (content delivery network) protections, among other evolving threats.

Azure's 2024 holiday attack landscape

During the holidays we observed a shift in attack patterns compared with last year, highlighting how malicious actors continually refine their tactics to bypass DDoS protection.

Daily attack volume

Azure's security infrastructure mitigated up to 3,800 attacks daily. Large-scale attacks over one million packets per second (pps) account for about 20% of them, similar to last year's analysis. Highly volumetric attacks exceeding 10M pps are rare, at only 0.2% of all attacks, reflecting attackers' aim to minimize resources and avoid detection.

[Chart: number of daily DDoS attacks]

Attack protocols

The 2024 holiday season was dominated by TCP-based (Transmission Control Protocol) attacks targeting various web applications and resources, which accounted for 77% of attacks. This contrasts with last year, when UDP (User Datagram Protocol) attacks made up almost 80% of attacks on gaming and other resources. The main TCP attack vectors this year were TCP SYN (synchronize) and ACK (acknowledge) floods.

[Table: attack protocols]

Azure blocks massive Typhon attack

A staggering attack on gaming resources reached 100-125 million pps in multiple waves. This attack, whose signatures point to the Typhon botnet, was fully mitigated by Azure's defenses.

[Graph: attack throughput]

Attack duration

This holiday season we again witnessed adversaries using the same tactic of trying to bypass DDoS mitigation strategies by launching burst, or short-lived, attacks. 49% of all attacks lasted up to 5 minutes, while 83% of attacks lasted less than 40 minutes. It is key to understand that any DDoS mitigation countermeasure we implement to protect an application should kick in with effective mitigation.

[Chart: attack duration]

Political motives and the rise of DDoS-for-hire

This holiday season, Azure's attack trends reflect global patterns. Politically motivated attacks, driven by geopolitical tensions, persist. DDoS threats remain a significant problem because new actors use readily available tools to cause disruption.

DDoS-for-hire services, often referred to as stressers and booters, have gained significant popularity among attackers. These platforms, readily accessible on cybercrime forums, have democratized the ability to launch powerful DDoS attacks, putting them within reach of less sophisticated criminals at minimal cost. In recent years, the availability and use of these services have increased. During this holiday season, international law enforcement agencies conducted operations such as Operation PowerOFF last December, which led to the arrest of three individuals and the shutdown of 27 domains associated with DDoS-for-hire platforms. Despite these efforts, DDoS stressers continue to thrive, offering a variety of attack methods and attack power, and are likely to remain prevalent.

Preparing for 2025

The 2024 holiday season highlighted the continuing threat of DDoS attacks. Organizations must strengthen their cybersecurity strategies to face these evolving threats in the new year. In 2025, it is essential to strengthen defenses and stay alert to new tactics. Azure's resilience against advanced DDoS threats underlines the importance of robust security measures for protecting digital assets and business continuity.

Identifying exposure points

Start by determining which of your applications are exposed to the public internet. Evaluating the potential risks and vulnerabilities of these applications is essential for understanding where you may be most prone to attack.

Recognizing normal operations

Familiarize yourself with the normal behavior of your applications. Azure provides monitoring services and best practices to help you gain insight into the health of your applications and diagnose problems.
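An added example, not part of the original post: a Python sketch tying the baseline advice here to the attack-duration figures above, showing how a long averaging window can hide a short burst that a per-window maximum still catches. The traffic samples, the median + 6×MAD threshold rule, and all function names are assumptions constructed for illustration.

```python
from statistics import median

def baseline_threshold(history, k=6.0):
    """Robust alert threshold from normal traffic: median + k * MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # avoid a zero-width band
    return med + k * mad

def find_bursts(samples, threshold):
    """Return (start_minute, length_minutes) for each run above threshold."""
    bursts, start = [], None
    for i, pps in enumerate(samples):
        if pps > threshold and start is None:
            start = i
        elif pps <= threshold and start is not None:
            bursts.append((start, i - start))
            start = None
    if start is not None:  # burst still running at end of data
        bursts.append((start, len(samples) - start))
    return bursts

def mean(values):
    return sum(values) / len(values)

def windowed_alerts(samples, threshold, window, agg):
    """Evaluate one alert decision per non-overlapping window using agg."""
    return [agg(samples[i:i + window]) > threshold
            for i in range(0, len(samples), window)]

# Constructed data: per-minute packets-per-second for one public endpoint.
NORMAL = [9_800, 10_200, 10_050, 9_900, 10_400,
          9_700, 10_100, 10_300, 9_950, 10_000]
# 30 minutes: a 3-minute 1.2M pps burst, then a 1-minute low-rate burst.
TRAFFIC = NORMAL + [1_200_000] * 3 + NORMAL + [20_000] + NORMAL[:6]

if __name__ == "__main__":
    thr = baseline_threshold(NORMAL)
    print("threshold pps:", thr)
    print("bursts (start, minutes):", find_bursts(TRAFFIC, thr))
    # A 15-minute average dilutes the 1-minute burst below the threshold.
    print("15-min mean rule:", windowed_alerts(TRAFFIC, thr, 15, mean))
    # Aggregating by maximum keeps the same burst visible.
    print("15-min max rule: ", windowed_alerts(TRAFFIC, thr, 15, max))
```
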

Simulating attack scenarios

Regularly running attack simulations is an effective way to test how your services respond to potential DDoS attacks. During testing, check that your services or applications continue to function as expected and that the user experience is not disrupted. Identify gaps in both technology and process, and incorporate them into your DDoS response strategy.

Ensuring robust protection

With the high risk of DDoS attacks, it is essential to have a DDoS protection service such as Azure DDoS Protection. This service provides always-on traffic monitoring, automatic attack mitigation upon detection, adaptive real-time tuning, and full visibility into DDoS attacks with real-time telemetry, monitoring, and alerts.

Implementing layered security

For comprehensive protection, create a multilayer defense by deploying Azure DDoS Protection with Azure Web Application Firewall (WAF). Azure DDoS Protection protects the network layer (layers 3 and 4), while Azure WAF protects the application layer (layer 7). This combination ensures protection against various types of DDoS attacks.

Configuring alerts

Azure DDoS Protection can identify and mitigate attacks without user intervention. Configuring alerts for active mitigations keeps you informed about the status of protected public IP resources.

Formulating a response plan

Set up a DDoS response team with clearly defined roles and responsibilities. This team should be adept at identifying, mitigating, and monitoring an attack, and at coordinating with internal stakeholders and customers. Use simulation testing to identify any gaps in your response strategy and ensure that your team is ready for different attack scenarios.

Seeking expert assistance

In the event of an attack, access to technical experts is essential. Azure DDoS Protection customers have access to the DDoS Rapid Response (DRR) team for help during and after attacks. After an attack, continue to monitor resources and conduct a retrospective analysis. Apply what you learn to improve your DDoS response strategy and to be better prepared for future incidents.

Call to action

The 2024 holiday season highlighted the evolving threat of DDoS attacks, with a significant increase in DDoS-for-hire operations, massive botnets, and politically motivated campaigns. These threats underline the need for robust DDoS protection and a DDoS response plan. Azure helps organizations stay ahead of these threats. Customers should enable multilayer protection by deploying Azure DDoS Protection with Azure Web Application Firewall (WAF). In addition, customers should enable telemetry and alerting capabilities to effectively monitor and respond to active mitigations.
