COVID-19 has created a significant amount of change to our daily lives and how we work. Unfortunately, these changes have in turn created increased cyber-security risks for many organisations around the world. Covid–19 has led to a sharp increase in cyber-attacks worldwide. Cyber criminals have been quick to exploit the current situation, with Amazon just announcing that its online cloud, which provides the infrastructure on which many websites rely, has fended off the largest DDoS attack in history.
Amazon Web Services is an enormous cloud-services provider and a major money-maker for Amazon. So what does this recent cyber-attack entail? Distributed denial of service (DDoS) attacks are designed to knock a website offline by flooding it with huge amounts of requests until it crashes. Amazon Web Services (AWS) said the February attack had fired 2.3Tbps.
That is a little under half of all traffic BT sees on its entire UK network during a normal working day. The previous record, set in 2018, was 1.7Tbps. “This is huge news for people in the industry,” said Lisa Forte, from Red Goat Cyber Security, warning it was “enormous” compared with the previous all-time high.”It is like comparing a moped to a super-car,” she said.
“They are totally different beasts. These are outliers. But as always with cyber-threats, we are in an arms race against attackers every day. This will definitely be an alarming revelation to many and could be a warning that we should not ignore.”
In a formal report about its DDoS protection service, AWS Shield, the company said the peak of the attack had been 44% larger than anything the service had seen before and resulted in a three-days of “elevated threat” status. But it did not identify what website or online service had been targeted by the attack. DDoS attacks are relatively simple in nature and rely on their sheer scale to be effective.
They often utilize large numbers of machines compromised by malware to launch attacks, which can be purchased online from cyber-criminals relatively cheaply. They have been used by groups such as the hacktivist collective Anonymous to target the websites of companies or local governments they disagree with.
However, protection services such as AWS Shield, Cloudflare, and Akamai, among others, have been used by many major online services in an attempt to limit their effectiveness.