AWS Hit by Major DDoS Attack

Amazon's cloud computing division, AWS, experienced a major DDoS attack on Wednesday, October 23, 2019. The sustained attack appears to have lasted for approximately 8 hours. The incident primarily affected its Route 53 DNS web service, but other services were also knocked offline. This raised questions not only about the nature of the attack but also about AWS's DDoS mitigation service, "Shield Advanced".

At the same time, Google Cloud Platform (GCP) also dealt with an array of issues, although the AWS and GCP incidents are not understood to be linked. GCP cited interruptions to multiple Cloud products, such as Google Kubernetes Engine, Google Cloud Storage, Cloud Bigtable, Cloud Memorystore and Google Compute Engine. A Google representative stated: “Our service disruptions were unrelated to any DDoS attempt.”

As a result, AWS customers were unable to access AWS's S3 services. Many AWS services, including Elastic Load Balancing (ELB) and Relational Database Service (RDS), were also forced to rely on external DNS queries. The US East Coast appears to have been hit most severely. (AWS, however, says the attack affected only a “small number of specific DNS names”.)

According to AWS users on Reddit, Aurora clusters (a MySQL- and PostgreSQL-compatible database) were also unreachable. Many customers were also unable to use cloud services for several hours.

The AWS Service Health Dashboard status update reads:

“Between 10:30 AM and 6:30 PM PDT, we experienced intermittent errors with a resolution of some AWS DNS names. Beginning at 5:16 PM, a very small number of specific DNS names experienced a higher error rate. These issues have been resolved.”

During the attack, an email was sent out to customers confirming that the DNS outage was due to a DDoS attack. Amazon also shared a message on Reddit and Twitter, stating that AWS was investigating reports of occasional DNS resolution errors and that AWS DNS servers were under a Distributed Denial of Service (DDoS) attack.

Amazon also stated that its Shield Advanced DDoS mitigation played a vital role in dealing with a significant portion of the attack. However, the mitigations ended up flagging several legitimate customer queries as malicious and preventing those users from establishing a connection.

Given AWS's sheer size and the traffic capacity it handles at all times, the DDoS attack that caused such a severe outage must have been quite significant.

Given these mitigation concerns, this attack should serve as a reminder to all security leaders to ensure the safety of their mission-critical infrastructure against cyberattacks.

Prevention is always better than cure. The cost of not doing so, from added technology investment and possible regulatory action to compensation and reputational damage, can have an unwelcome impact on the bottom line.

Stay Tuned, Stay Secure, Stay Online…