AWS handled the most powerful DDoS attack in history, reaching 2.3 Tb/s
Amazon said that in mid-February of this year, the AWS Shield service handled the most powerful DDoS attack in history, which reached 2.3 Tb/s. The previous “record” in this area was set in 2018, when a DDoS attack of 1.7 Tb/s was recorded. The incident became known through the publication of the AWS Shield Threat Landscape report, which covers the various attacks that AWS Shield had to deal with.
The report does not indicate which AWS client was attacked, but it states that the DDoS was organized using hacked CLDAP web servers. AWS Shield took three days to resolve the incident.
As a reminder, the first attacks using the CLDAP protocol (Connection-less Lightweight Directory Access Protocol) were noticed in 2017, though attackers had begun using it a year earlier. At the time, Akamai experts concluded that using LDAP and CLDAP for amplification can increase the power of an attack by a factor of 55 to 70.
Recall that we recently wrote about the CallStranger vulnerability, which allows attackers to arrange DDoS attacks and scan local networks.
As mentioned above, the previous DDoS record was set in 2018. At that time, Arbor Networks analysts reported that they had detected a DDoS attack on an unnamed US service provider that peaked at 1.7 Tb/s.
Interestingly, a few days before that, a powerful DDoS attack hit GitHub; its scale was also considered unprecedented: 1.35 Tb/s, or 126.9 million packets per second.
Vulnerable Memcached servers were used to amplify these attacks, and many hacker groups and DDoS-for-hire services adopted this tactic and started abusing Memcached. However, massive DDoS attacks then became rare and almost vanished, mainly due to the efforts of Internet providers, content delivery networks and other large Internet players working together to protect vulnerable Memcached systems.
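Seen from the target's network, CLDAP amplification shows up as UDP traffic arriving from source port 389 from many distinct servers at once. The detector below is an added example, not taken from the AWS or Akamai reports; the flow-record layout, thresholds and addresses are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

CLDAP_PORT = 389  # CLDAP is LDAP over UDP; reflected replies carry this source port

# Constructed flow records (RFC 5737 documentation addresses), not real traffic.
SAMPLE_FLOWS = """ts,proto,src_ip,src_port,dst_ip,dst_port,bytes
0,udp,198.51.100.1,389,203.0.113.10,41000,3000000
5,udp,198.51.100.2,389,203.0.113.10,41000,3000000
12,udp,198.51.100.3,389,203.0.113.10,52044,3000000
30,udp,198.51.100.4,389,203.0.113.10,52044,3000000
31,udp,192.0.2.50,389,203.0.113.20,40001,400
40,udp,192.0.2.53,53,203.0.113.10,33333,9000000
45,tcp,192.0.2.50,389,203.0.113.10,40002,5000000
"""

def detect_cldap_reflection(flow_csv, window_s=60, min_reflectors=3, min_mbps=1.0):
    """Flag destinations receiving UDP/389-sourced traffic from many hosts.

    Thresholds are illustrative assumptions; tune them to the link being monitored.
    """
    buckets = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # Only UDP replies whose *source* port is 389 look like CLDAP reflection.
        if row["proto"].lower() != "udp" or int(row["src_port"]) != CLDAP_PORT:
            continue
        bucket = buckets[(row["dst_ip"], int(row["ts"]) // window_s)]
        bucket["bytes"] += int(row["bytes"])
        bucket["sources"].add(row["src_ip"])

    alerts = []
    for (dst, window), b in sorted(buckets.items()):
        mbps = b["bytes"] * 8 / window_s / 1e6
        # One server answering one client is normal directory traffic;
        # many servers converging on one address at volume is not.
        if len(b["sources"]) >= min_reflectors and mbps >= min_mbps:
            alerts.append({"victim": dst, "window_start": window * window_s,
                           "reflectors": len(b["sources"]), "mbps": round(mbps, 2)})
    return alerts

if __name__ == "__main__":
    for alert in detect_cldap_reflection(SAMPLE_FLOWS):
        print(alert)
```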
“Currently, most DDoS attacks rarely exceed 500 Gb/s, so the news of the 2.3 TB/s attack is very unexpected,” said Amazon.
For example, in its report for the first quarter of 2020, the Link11 DDoS protection service says that the most powerful attack it had to deal with was 406 Gb/s.
In a similar report for the first quarter of 2020, Cloudflare reported that the most powerful DDoS attack it handled reached a peak capacity of 550 Gb/s. Cloudflare also notes that 92% of DDoS attacks in the first quarter of 2020 did not exceed 10 Gb/s, and 47% were even weaker, less than 500 Mbit/s.
Interestingly, earlier this week, Akamai experts also reported that in early June they stopped a DDoS attack that reached 1.44 Tb/s.
Interestingly, even anti-virus software vendors have been attacked: a Google Play app launched a DDoS attack on the ESET website.