AWS KOPS Largest DDoS Attack Ever

Amazon Web Services (AWS) said the February attack had fired 2.3Tbps

The AWS teams can congratulate themselves. Amazon has just declared that its managed Ddos protection service AWS Shield has just rendered it impossible to harm the largest Ddos attack ever recorded, by stopping a 2.3 Tbps attack in mid-February 2020. The incident was revealed in the company’s annual report, which details the web-based attacks mitigated by its AWS Shield protection service.

Amazon Web Services (AWS) said the February attack had fired 2.3Tbps

If the report does not reveal the identity of the client targeted by this attack, it still states that it was carried out using hijacked CLDAP web servers and caused three days of "high threat" to its AWS Shield staff. As a reminder, CLDAP (Connection-less Lightweight Directory Access Protocol) is an alternative to the old LDAP protocol and is used to connect, search and edit shared directories on the Internet.

This protocol has been misused for Ddos attacks since the end of 2016. CLDAP servers are known to amplify Ddos traffic from 56 to 70 times its initial size, making it a highly sought-after protocol and a common option provided by Ddos services on demand. The previous record for the largest Ddos attack ever recorded was 1.7 Tbps, collected by NETSCOUT Arbor in March 2018. Before that, the largest Ddos attack ever recorded was a 1.3 Tbps Ddos attack that hit Github a month earlier in February 2018.

A record attack

Netscout and Github’s Ddos attacks had used Memcached servers exposed to the Internet to achieve massive volumes. By the time the 2018 attacks took place, Memcached was imposing itself as a new vector of Ddos attack, and many groups of hackers and on-demand Ddos services rushed to take advantage of over 100,000 Memcached servers on display to wreak havoc on the Internet.

Since then, Ddos attacks have become rarer to reach a peak of 500 Gbps in most cases. That’s why this news of the AWS attack at 2.3 Tbps so surprised the players in the sector. For example, in its quarterly report for the first quarter of 2020, the Link11 Ddos mitigation service indicated that the largest Ddos attack it mitigated was 406 Gbps. In its first quarter 2020 Ddos report, Cloudflare indicated that the largest Ddos attack it mitigated reached a peak of over 550 Gbps.

Akamai also reported earlier in the day on the mitigation of a 1.44 Tbps Ddos attack during the first week of June 2020. But these numbers are rare: most Ddos attacks are now small. Link11 reported that the average size of Ddos attacks in the first quarter of 2020 was only 5 Gbps. Cloudflare reported that 92% of the mitigated Ddos attacks in the first quarter of 2020 were below 10 Gbps and 47% were even smaller, below 500 Mbps. The fact remains that with this attack of unparalleled magnitude taken by AWS, the Ddos attacks have just found their new record.