AWS Shield Reports Largest DDoS Attack, Overall Increase in Threats

July 21, 2020

Distributed Denial of Service (DDoS) attacks may not be as common as they once were, but that doesn’t mean that malicious entities have given up on bringing systems to a halt by overwhelming web servers.

In mid-February of this year, Amazon Web Services (AWS) Shield mitigated the largest DDoS attack ever reported. According to the AWS Shield Threat Landscape Report for the first quarter of 2020, AWS Shield mitigated a 2.3 Tbps DDoS attack, approximately 44% larger in volume than previously detected AWS events.

The previous record of 1.7 Tbps was set nearly two years earlier and was mitigated by NETSCOUT Arbor.

While the specific customer targeted by the DDoS attack was not listed, the report shared that the attack was carried out using Connection-less Lightweight Directory Access Protocol (CLDAP) servers.  

“The protocol has been abused for DDoS attacks since late 2016, and CLDAP servers are known to amplify DDoS traffic by 56 to 70 times its initial size, making it a highly sought-after protocol and a common option provided by DDoS-for-hire services,” says Catalin Cimpanu for ZDNet.

The DDoS attack resulted in three days of “elevated threat,” which, per AWS Shield, indicates that the “global threat level based on attack frequency, volume, or other attributes” was “High” or “Critical.”

Across all types of events, AWS Shield reports a 23% increase in the number of detected events compared to the same quarter in 2019.

AWS also reported 1.1 billion detected malware threats coming from 1.6 million unique suspects. Both the number of threats and unique suspects increased from the last quarter of 2020.

“The growth in both events and suspects can imply a larger number of exploitation attempts from either a larger number of suspected attackers, or from suspected attackers who are employing more dynamic evasion techniques,” the report summarizes.

Ultimately, the report shows that cyber attacks of all kinds are increasing in both size and scope. The need for cybersecurity experts who can stay on top of the latest trends, be prepared for any potential threats, and implement strong protection strategies will only continue to grow.

Capitol Tech students studying cybersecurity take classes in secure coding, scripting languages, secure data communications and cryptography, malware analysis/reverse engineering, and digital forensics, ensuring they will become experts in cybersecurity defense.
