Under “usual circumstances,” AWS makes headlines for exposing databases of companies using its services.
A few days ago (Oct 22, 2019), the world’s large cloud services provider – Amazon Web Services (AWS) – was hit by a series of DDoS attacks (Distributed Denial of Service) resulting in portions of it going offline for several hours.
The attack’s duration was for about 8 hours from 10:30 AM to 6:30 PM as confirmed by Amazon. Although the attack was directed towards its Route 53 DNS web service, other services of it were also affected including its S3, Relational Database Service (RDS), Simple Queue Service (SQS), CloudFront, Elastic Compute Cloud (EC2) and Elastic Load Balancing (ELB) service.
Moreover, the DDoS attack also affected businesses using AWS services. For instance, DigitalOcean, a US-based cloud infrastructure provider was one of the victims. In a statement, DigitalOcean acknowledged the issue and stated that:
“Our Engineering team is continuing to monitor the issue impacting accessibility to S3/RDS/ELB/EC2 resources across all regions. We continue to monitor the situation closely, and we will post an update as soon as the issue is fully resolved.”
Perhaps, the most ironic part of this entire encounter was that Amazon was unable to stop the attack despite it offering its very own DDoS mitigation service named Shield Advanced with multiple plans. However, the company did attribute the reduction in the impact of the incident to it stating that:
“Our DDoS mitigations are absorbing the vast majority of this traffic, but these mitigations are also flagging some legitimate customer queries at this time.”
We're investigating reports of intermittent DNS resolution errors with Route 53 & our external DNS providers. We're working towards resolution & will post updates here: https://t.co/Frz0O4RoSl. 🚦
— AWS Support (@AWSSupport) October 22, 2019
To add to this, another interesting incident that occurred on the same day was Google’s Cloud Platform also experiencing problems although the cause was not attributed to a DDoS attack. No connection was found between both either.
It is worth noting that according to CBR, the DDoS attacks 8 hours. In a DDoS attack, the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.
Nonetheless, we haven’t been updated with any information as to the source of the attack and so it still remains a mystery. If such a revelation does occur, it can help the business community really understand what it takes to breach one of the largest companies today and strengthen their defenses accordingly.
This, however, is not the first time when a company has suffered non-stop DDoS attacks. Previously, a US college suffered a massive DDoS attack that continued for 54-hours non-stop. A series of DDoS attacks targeted Ukraine’s National Postal Service for consecutive 48 hours.
In another incident, a Chinese telecom company whose name was never revealed suffered a record-breaking DDoS attack that lasted for 11 days, approx. 227 hours.