The largest DDoS attack ever took place this February, according to Amazon. The company recently shared a report detailing the incident along with other web attacks mitigated by Amazon’s AWS Shield protection service. The DDoS attack reached 2.3 Tbps and was detected in the middle of February this year.
First of all…
What is Amazon AWS Shield?
As explained in the report, AWS Shield is a managed threat protection service whose purpose is to safeguard applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks.
The Threat Landscape Report provides a summary of threats detected and mitigated by AWS Shield. The data is derived from systems that AWS Shield uses to protect applications running on AWS.
The report, however, didn’t specify who the targeted AWS customer was. What’s known is that the attack was performed via CLDAP web servers, resulting in three days of elevated threat for the AWS Shield team.
What is CLDAP?
Connection-less Lightweight Directory Access Protocol (CLDAP) is considered an alternative to the older LDAP protocol. It is used to connect to, search, and modify Internet-shared directories. This is not the first case of DDoS attackers exploiting the protocol; attacks have been observed since 2016. Furthermore, CLDAP servers amplify DDoS traffic by 56 to 70 times its initial size. This makes it a highly popular protocol amongst attackers, and it is often provided as an option by DDoS-for-hire services.
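To make the amplification figure concrete from the defending side, the following added example (not taken from the AWS report or from this article) scans flow records for two signs of CLDAP reflection: an internal host receiving UDP traffic sourced from port 389 on many external servers, and an internal server answering external CLDAP queries with a large response-to-request byte ratio. The CSV layout, the 10.0.0.0/8 internal range, the `min_reflectors` threshold and all sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

CLDAP_PORT = 389                                # CLDAP is LDAP carried over UDP port 389
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumption: our own address space

# Constructed flow records: proto,src_ip,src_port,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
udp,198.51.100.7,389,10.0.0.5,41022,3010
udp,198.51.100.9,389,10.0.0.5,50311,2950
udp,203.0.113.20,389,10.0.0.5,1900,3100
udp,203.0.113.80,40000,10.0.0.9,389,52
udp,10.0.0.9,389,203.0.113.80,40000,3120
tcp,192.0.2.4,389,10.0.0.5,55000,800
udp,192.0.2.33,53,10.0.0.5,33000,120
"""

def analyse(flow_text, min_reflectors=3):
    """Return (victims, exposed) found in the flow records.

    victims: internal IP -> (distinct external CLDAP sources, bytes received)
    exposed: internal CLDAP server -> response/request byte ratio
    """
    sources = defaultdict(set)      # internal dst -> external hosts sending from udp/389
    inbound = defaultdict(int)      # internal dst -> bytes of that traffic
    req = defaultdict(int)          # internal server -> bytes of external queries
    resp = defaultdict(int)         # internal server -> bytes of its replies
    for proto, src, sport, dst, dport, nbytes in csv.reader(io.StringIO(flow_text)):
        if proto != "udp":
            continue                # LDAP over TCP cannot be spoofed into reflection
        src_in = ipaddress.ip_address(src) in INTERNAL
        dst_in = ipaddress.ip_address(dst) in INTERNAL
        sport, dport, nbytes = int(sport), int(dport), int(nbytes)
        if sport == CLDAP_PORT and dst_in and not src_in:
            sources[dst].add(src)
            inbound[dst] += nbytes
        elif dport == CLDAP_PORT and dst_in and not src_in:
            req[dst] += nbytes
        elif sport == CLDAP_PORT and src_in and not dst_in:
            resp[src] += nbytes
    victims = {ip: (len(s), inbound[ip]) for ip, s in sources.items()
               if len(s) >= min_reflectors}
    exposed = {ip: resp[ip] / req[ip] for ip in resp if req.get(ip)}
    return victims, exposed

if __name__ == "__main__":
    print(analyse(SAMPLE_FLOWS))
```

A server that shows up in `exposed` should have UDP port 389 blocked at the network edge, since it can be used to reflect traffic at third parties.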
Another powerful DDoS attack recently hit a specific website hosted by Akamai. The attack was measured at 1.44 terabits per second and 385 million packets per second.
It is noteworthy that a second attack, which exceeded 500 megabits per second, occurred the same day. It targeted another website hosted by the same hosting company. These two severe DDoS attacks are believed to have been carried out for a social reason related to the sites themselves rather than anything related to the hosting provider. Akamai’s investigation shows that the attacker used a variety of data types in the well-coordinated attacks.