Amazon Web Services has revealed that in May 2020 it deflected the largest ever recorded DDoS attack.
The previous largest Distributed Denial of Service (DDoS) attack had been against GitHub in 2018 which was measured at 1.3 Terabits (Thousand Billion bits per second) – the attack against AWS in May was almost double at 2.3 Terabits per second. Some details of the attack are detailed in the AWS Shield Threat Landscape report.
The attack against AWS used hijacked CLDAP servers (CLDAP has been abused in DDoS attacks since 2016 – it can amplify DDoS traffic between 56 – 70 times).
In the report AWS states:
In Q1 2020, a known UDP reflection vector, CLDAP reflection, was observed with a previously unseen volume of 2.3 Tbps. This is approximately 44% larger than any network volumetric event previously detected on AWS. CLDAP reflection attacks of this magnitude caused 3 days of elevated threat during a single week in February 2020 before subsiding. Despite this observation, smaller network volumetric events are far more common. The 99th percentile event in Q1 2020 was 43 Gbps.
Cloudflare, another popular provider of DDoS mitigation services, notes that 92% of DDoS attacks it defends are under 10Gbps – making the size of the attack against AWS all the more remarkable.
Defending a DDoS attack can require significant infrastructure which is why organisations typically employ the services of a third party such as AWS or Cloudflare where the otherwise prohibitive costs are shared across many clients.