Earlier this week, on June 16, a widespread outage of various online services in America was reported, reportedly caused by Distributed Denial of Service (DDoS) attacks. It affected several companies including Facebook, T-Mobile, and even the online game Fortnite.
Now, Amazon’s AWS Shield said it has managed to overcome the largest DDoS attack ever and was able to stop a 2.3 Tbps attack that happened in February this year, right when the coronavirus pandemic was just getting bigger.
According to ZDNet, the incident was reported in Amazon’s AWS Shield Threat Landscape, which details web attacks that have been mitigated by the company. The incident report did not say which AWS client was attacked, but it did detail how the attack happened.
Based on the PDF file, the DDoS attack was done through hijacked Connection-less Lightweight Directory Access Protocol (CLDAP) web servers, causing an “elevated threat” for its AWS Shield staff for three days. For those who are unaware, CLDAP is an alternative to the older LDAP protocol.
It is used to connect to internet-shared directories and allows users to search and modify them. However, DDoS attacks have been abusing the protocol since the later months of 2016, which is why DDoS-for-hire services have been seeking CLDAP servers. The protocol is also known to amplify attacks by 56 to 70 times the initial traffic size.
The 2.3 Tbps attack mitigated by the AWS Shield is the largest one ever recorded, dethroning the 1.7 Tbps attack that happened in March 2018, which was mitigated by NETSCOUT Arbor.
Another massive attack was also recorded in 2018, with a size of 1.3 Tbps that was mitigated by GitHub, which made it the most extensive attack back then.
Those DDoS attacks stopped by NETSCOUT and GitHub used an internet-exposed Memcached server that made it easier for the attackers to reach larger bandwidths.
Back then, DDoS attacks were more common as cybercriminals rushed to abuse more of these Memcached servers, but they gradually became a rarity as various internet players like internet service providers (ISPs) and content delivery networks (CDNs) worked together to secure vulnerable Memcached servers.
These days, DDoS attacks peak at only 500 Gbps, making the 2.3 Tbps attack surprising for those involved in the field.
Earlier this week, T-Mobile users were unable to use their phones to call others, as reported by TechTimes. Aside from T-Mobile, massive telecom companies like Verizon, Cricket Wireless, AT&T, and MetroPCS also had problems with their servers.
According to the report, the US was primarily targeted from multiple sources. Overloading a server with requests until it breaks down also made the attack harder to stop than usual.