Amazon says it mitigated the largest DDoS attack ever recorded
Amazon Web Services recently had to defend against a DDoS attack with a peak traffic volume of 2.3 Tbps, the largest ever recorded, ZDNet reports. Detailing the attack in its Q1 2020 threat report, Amazon said that the attack occurred back in February, and was mitigated by AWS Shield, a service designed to protect customers of Amazon’s on-demand cloud computing platform from DDoS attacks, as well as from bad bots and application vulnerabilities. The company did not disclose the target or the origin of the attack.
To put that number into perspective, prior to February of this year, ZDNet notes that the largest DDoS attack recorded was back in March 2018, when NetScout Arbor mitigated a 1.7 Tbps attack. The previous month, GitHub disclosed that it had been hit by an attack with a peak of 1.35 Tbps. February’s attack was a so-called “reflection attack.”
As Cloudflare explains, the attempt here is to use a vulnerable third-party server to amplify the amount of data being sent to a victim’s IP address. It mainly relied on exploiting CLDAP servers to amplify its traffic. Attacks using this protocol, which is normally used to access and edit directories shared over the internet, have been taking place since 2016, ZDNet notes.