AWS claims to have blocked the largest DDoS attack in history
Cloud giant reveals three days of malicious traffic hit a peak of 2.3 Tbits/sec
Amazon has revealed that its online cloud fended off what's considered to be one the largest distributed denial of service (DDoS) attacks in history.
The incident happened in February, hitting 2.3 Tbits/sec at its peak, according to a report from AWS Shield, smashing the previous peak record of 1.7 Tbits/sec.
The peak of the attack was 44% larger than anything the services had seen before and led to three-days of "elevated threat" status. Amazon Web Services provides the infrastructure for many websites, but the report doesn't identify which websites had been targeted by the attack.
"In Q1 2020, a known UDP reflection vector, CLDAP reflection, was observed with a previously unseen volume of 2.3 Tbps," the report stated. "This is approximately 44% larger than any network volumetric event previously detected on AWS."
"CLDAP reflection attacks of this magnitude caused 3 days of elevated threat during a single week in February 2020 before subsiding. Despite this observation, smaller network volumetric events are far more common. The 99th percentile event in Q1 2020 was 43 Gbps."
The attack in February was called a "reflection attack", which is thought to be an attempt to use a vulnerable third-party server to amplify the amount of data being sent to a victim's IP address. It relies on exploiting the Connectionless Lightweight Directory Access Protocol (CLDAP), which is often exposed due to configuration issues – though AWS doesn't suggest this to be the case for the February attack.
Downtime caused by DDoS accounts can have large financial implications. According to a 2019 report from Netscout, the size and scale of DDoS attacks in the UK could cost the country almost £1 billion per year. Part of the problem is that DDoS attacks are cheap and easy to deploy, according to Netscout.
In Q1 of 2020, there was a significant increase in both the quantity and Quality of DDoS attacks, according to Kaspersky. Not only have the number of attacks almost doubled, up by 80% against Q1 2019, these attacks have also become longer, the firm suggests.