Amazon Web Services recently had to defend against a DDoS attack with a peak traffic volume of 2.3 Tbps, the largest ever recorded, ZDNet reports. Detailing the attack in its Q1 2020 threat report, Amazon said that the attack occurred back in February, and was mitigated by AWS Shield, a service designed to protect customers of Amazon’s on-demand cloud computing platform from DDoS attacks, as well as from bad bots and application vulnerabilities. The company did not disclose the target or the origin of the attack.
To put that number into perspective, prior to February of this year, ZDNet notes that the largest DDoS attack recorded was back in March 2018, when NetScout Arbor mitigated a 1.7 Tbps attack. The previous month, GitHub disclosed that it had been hit by an attack with a peak of 1.35 Tbps.
February’s attack was a so-called “reflection attack.” As CloudFlare explains, the attempt here is to use a vulnerable third-party server to amplify the amount of data being sent to a victim’s IP address. It mainly relied on exploiting CLDAP servers to amplify its traffic. Attacks using this protocol, which is normally used to access and edit directories shared over the internet, have been taking place since 2016, ZDNet notes.
Despite its record-breaking size, attacks of this scale are relatively uncommon. Amazon said that between Q2 2018 and Q4 2019, the largest attacks it saw were smaller than 1 Tbps, and that in the first quarter of this year 99 percent of attacks were 43 Gbps or smaller. ZDNet notes that the 2018 attacks relied on exploiting a new Memcached attack vector, but says that in the years since, internet service providers and content delivery networks have worked to secure Memcached servers that are vulnerable to being exploited.