Amazon announced it has mitigated the largest ever DDoS attack of 2.3 Tbps, the news is surprising if we consider that the previous record was of 1.7 Tbps that took place in March 2018.
The 2.3 Tbps attack was neutralized by the Amazon AWS Shield service in mid-February this year.
The news of the attack was included in the AWS Shield Threat Landscape report published by Amazon that detailing web attacks mitigated by Amazon’s AWS Shield protection service.
“In Q1 2020, a known UDP reflection vector, CLDAP reflection, was observed with a previously unseen volume of 2.3 Tbps. This is approximately 44% larger than any network volumetric event previously detected on AWS.” reads the report published by Amazon. “CLDAP reflection attacks of this magnitude caused 3 days of elevated threat during a single week in February 2020 before subsiding. Despite this observation, smaller network volumetric events are far more common. The 99th percentile event in Q1 2020 was 43 Gbps.”
The report didn’t name the target of the DDoS attack, AWS experts only revealed that the magnitude was obtained with CLDAP reflection attack.
The Connection-less Lightweight Directory Access Protocol (CLDAP) is an alternative to the LDAP protocol from Microsoft. The protocol is used to connect, search, and modify shared internet directories, a CLDAP DDoS can amplify traffic to 70 times its volume.
According to the report, most of the DDoS attacks are smaller network volumetric events, with the 99th percentile event in Q1 2020 was 43 Gbps.
AWS researchers observed a +10% increase in the total number of events compared with Q4/2019, while the largest bit rate (Tbps) passed from 0,6 in Q4/2019 to 2,3 in Q1/2020.
“The number of volumetric events detected by AWS Shield is influenced by growth in the number of applications hosted on AWS, improvements to AWS Shield detection, and the frequency at which applications are targeted by external threats.” concludes the report. “The number of detected events has increased by 23% since the same quarter in 2019. This was driven by an increase in the number of web application-layer events. Network volumetric events decreased by 20%.”
(SecurityAffairs – DDoS, hacking)