Akamai mitigates record-breaking 900Gbps DDoS attack in Asia

Akamai reports having mitigated the largest DDoS (distributed denial of service) attack ever launched against a customer based in the Asia-Pacific region.

DDoS is an attack that involves sending a large volume of garbage requests to a targeted server, depleting its capacity, and thus rendering the websites, applications, or other online services it hosts unreachable by legitimate users.

These attacks are usually done to cause business disruption, whether that be for political purposes, retribution, competition interests, geopolitical reasons, or to extort the victim by delivering ransom demands.

The record-breaking attack that  unfolded on February 23, 2023, peaking at 900.1 gigabits per second and 158.2 million packets per second.

DDoS attack one-minute peak
DDoS attack one-minute peak (Akamai)

Akamai characterizes the attack as intense and short-lived, with its peak lasting for about one minute, which matches current trends in the DDoS space.

The internet security company handled the attack well, dropping the garbage traffic to its scrubbing network, with most ending up in Hong Kong, Tokyo, São Paulo, Singapore, and Osaka centers.

A scrubbing network is a DDoS mitigation measure involving a distributed infrastructure of many strategically located centers that take incoming traffic and remove unwanted requests from the target’s network.

Scrubbing network load
Scrubbing network load (Akamai)

Although 48% of the malicious traffic was handled by scrubbing centers in the APAC region, all of Akamai’s 26 centers were loaded, but none surpassed 15% of the total traffic.

Akamai says that the impacted customer experienced no direct or collateral damage, and their services weren’t rendered inaccessible to legitimate customers.

Record DDoS attacks

Akamai’s highest mitigation was a DDoS attack on September 12, 2022, targeting a customer in Eastern Europe.

That attack peaked at , about 4.5 times more than the recent event, but the volumetric figures aren’t available for that incident.

From that perspective, the record holder remains Microsoft, who, in November 2021, mitigated a  targeting an Asia-based Azure customer.

A recent case of this scale is a Cloudflare DDoS attack mitigation that targeted Wynncraft, one of Minecraft’s largest servers and .