AWS servers hit by sustained DDoS attack

Day-long outage caused by Route 53 DNS system disruption

AWS logo

Businesses were unable to service their customers for approximately eight hours yesterday after Amazon Web Services (AWS) servers were struck by a distributed denial-of-service (DDoS) attack.

After initially flagging DNS resolution errors, customers were informed that the Route 53 domain name system (DNS) was in the midst of an attack, according to statements from AWS Support circulating on social media.

From 6:30pm BST on Tuesday, a handful of customers suffered an outage to services while the attack persisted, lasting until approximately 2:30am on Wednesday morning, when services to the Route 53 DNS were restored. This was the equivalent of a full working day in some parts of the US.

"We are investigating reports of occasional DNS resolution errors. The AWS DNS servers are currently under a DDoS attack," said a statement from AWS Support, circulated to customers and published across social media.

"Our DDoS mitigations are absorbing the vast majority of this traffic, but these mitigations are also flagging some legitimate customer queries at this time. We are actively working on additional mitigations, as well as tracking down the source of the attack to shut it down."

The Route 53 system is a scalable DNS that AWS uses to give developers and businesses a method to route end users to internet applications by translating URLs into numeric IP addresses. This effectively connects users to infrastructure running in AWS, like EC2 instances, and S3 buckets.

During the attack, AWS advised customers to try to update the configuration of clients accessing S3 buckets to specify the region their bucket is in when making a request to mitigate the impact of the attack. SDK users were also asked to specify the region as part of the S3 configuration to ensure the endpoint name is region-specific.

Rather than infiltrating targeted software or devices, or exploiting vulnerabilities, a typical DDoS attack hinges on attackers bombarding a website or server with an excessive volume of access requests. This causes it to undergo service difficulties or go offline altogether.

All AWS services have been fully restored at the time of writing, however, the attack struck during a separate outage affecting Google Cloud Platform (GCP), although there's no indication the two outages are connected.

From 12:30am GMT, GCP's cloud networking system began experiencing issues in its US West region. Engineers then learned the issue had also affected a swathe of Google Cloud services, including Google Compute Engine, Cloud Memorystore, the Kubernetes Engine, Cloud Bigtable and Google Cloud Storage. All services were gradually repaired until they were fully restored by 4:30am GMT.

While outages on public cloud platforms are fairly common, they are rarely caused by DDoS attacks. Microsoft's Azure and Office 365 services, for example, suffered a set of routine outages towards the end of last year and the beginning of 2019.

One instance includes a global incident with US government services and LinkedIn sustaining an authentication outage towards the end of January this year.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Hackers demand ransom from therapy patients after clinic data breach
Security

Hackers demand ransom from therapy patients after clinic data breach

27 Oct 2020
Amazon sacks employee over data breach
Security

Amazon sacks employee over data breach

27 Oct 2020
Zoom starts rolling out end-to-end encryption for all users
Security

Zoom starts rolling out end-to-end encryption for all users

27 Oct 2020
Insider data breaches set to increase due to remote work shift
data breaches

Insider data breaches set to increase due to remote work shift

26 Oct 2020

Most Popular

How Liberty navigated a site relaunch during a pandemic
Sponsored

How Liberty navigated a site relaunch during a pandemic

8 Oct 2020
Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020