AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever
Amazon said its AWS Shield service mitigated the largest DDoS attack ever recorded, stopping a 2.3 Tbps attack in mid-February this year.
The incident was disclosed in the company’s AWS Shield Threat Landscape [PDF], a report detailing web attacks mitigated by Amazon’s AWS Shield protection service.
The report didn’t identify the targeted AWS customer but said the attack was carried out using hijacked CLDAP web servers and caused three days of “elevated threat” for its AWS Shield staff.
CLDAP (Connection-less Lightweight Directory Access Protocol) is an alternative to Microsoft’s LDAP protocol and is used to connect, search, and modify Internet-shared directories.
The protocol has been abused for DDoS attacks since late 2016, and CLDAP servers are known to amplify DDoS traffic by 56 to 70 times its initial size, making it a highly sought-after protocol and a common option provided by DDoS-for-hire services.
The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, mitigated by NETSCOUT Arbor in March 2018.
Before that, the biggest DDoS attack ever recorded was a 1.3 Tbps DDoS attack that hit GitHub, a month before, in February 2018.
The Netscout and GitHub DDoS attacks abused internet-exposed Memcached servers to reach massive bandwidths.
At the time of the 2018 attacks took place, Memcached was a new DDoS attack vector, and many hacker groups and DDoS-for-hire services rushed to abuse more than 100,000 Memcached servers to create havoc around the internet.
However, in the meantime, massive DDoS attacks have become a rarity, primarily due to internet service providers (ISPs), content delivery networks (CDNs), and other major internet players working together to secure vulnerable Memcached systems.
Nowadays, most DDoS attacks usually peak in the 500 Gbps range, which is why news of the AWS 2.3 Tbps attack was a surprise for industry players.
For example, in its quarterly report for Q1 2020, DDoS mitigation service Link11 reported that the largest DDoS attack it mitigated was 406 Gbps. In its Q1 2020 DDoS report, Cloudflare said the biggest DDoS attack it mitigated peaked at over 550 Gbps.
Akamai similarly reported earlier today of mitigating a DDoS attack of 1.44 Tbps in the first week of June 2020.
However, these numbers are rarities and the outliers in every DDoS quarterly report. Most DDoS attacks are small in scale. Link11 said the average size of a DDoS attacks in Q1 2020 was only 5 Gbps.
Cloudflare said that 92% of the DDoS attacks it mitigated in Q1 2020 were under 10 Gbps and that 47% were even smaller, of under 500 Mbps.
Nonetheless, we now have a new DDoS attack record.