The record for biggest ever Distributed Denial of Service (DDoS) attack has been smashed, and we have Amazon to thank for dealing with it.
The previous record holder for biggest DDoS was set back in March 2018 when a 1.7Tbps attack was launched against an unnamed US-based service provider. It was mitigated by Netscout Arbor. Before that, the record was held by an attack on GitHub. However, as ZDNet reports, Amazon has this week revealed in a report that its AWS Shield service mitigated a 2.3Tbps DDoS attack back in mid-February this year.
We don’t hear about DDoS attacks very often anymore, and that’s mainly due to a range of DDoS-specific services and Content Delivery Networks appearing to help stop them from making an impact. AWS Shield is one of those services, with Amazon marketing it as “managed DDoS protection.”
The identity of the AWS customer who was targeted by this record-setting DDoS is not being shared publicly, but the report states the attack, “caused 3 days of elevated threat during a single week in February 2020 before subsiding.” The attacker took advantage of hijacked Connection-Less Lightweight Directory Access Protocol (CLDAP) servers, which are used to allow connection, search, and modification of Internet-shared directories.
CLDAP is a protocol commonly abused by DDoS attacks because it allows the data being sent to be amplified massively. The attacker sends a request to the CLDAP server and uses IP address spoofing to ensure the response goes to the victim’s server. The protocol allows the response traffic to be amplified up to 70x, so for every byte sent to to the CLDAP server, up to 70 bytes gets sent to the victim.
The fact that we’re only hearing about this several months after it happened suggests DDoS attacks no longer have the impact they once did. At least, they don’t against any company or service that’s taken appropriate measures to protect against them.