In February 2020, one of the clients of Amazon AWS was targeted with a DDOS attack. DDOS stands for distributed denial of service and is a very common type of cyber attack, but what took many people by surprise was the scale of the attack. For the first time on the internet, the network volume generated by a DDOS attack exceeded 2 Tb/s, which made this the largest DDOS attack ever recorded. Compare this to the previous record, which was pegged at 1.7Tb/s, and the fact that most DDOS attacks rarely exceed the 500Gb/s volume.
The attack was first disclosed in a quarterly report released by Amazon for the first quarter of 2020. According to this document, the attack was detected by the AWS Shield service, which is especially designed to detect such attacks. The report also emphasized that this was an increase in volume by over 188%, compared to the same quarter last year, and 44% larger than any volumetric event previously detected on AWS.
Attackers used a common UDP reflection vector, called CLDAP reflection. CLDAP stands for Connection-less Lightweight Directory Access Protocol. The reason for such a large network volume is due to the very high base amplification factor(BAF) using this vector. BAF is calculated as the ratio of number of UDP payload bytes(that the victim sends in response to a request) to the number of UDP payload bytes of the request(sent by the attacker or the bots). CLDAP reflection has a BAF of about 70 times, which makes it quite capable of creating high network volumes. This eventually makes it impossible for the victim to respond to legitimate connections.
The increasing volume of DDOS attacks is a cause for worry, since large volume attacks come with capabilities to take down large portions of the internet, such as through the NXNS Attack. However, researchers and companies are working hard to stay a step ahead of attackers, and hopefully, DDOS will become a thing of the past. To know more about DDOS attacks, check this post.
Techprodezza 