AWS Left Reeling After Eight-Hour DDoS (Oct 24, 2019)
Amazon was hit by a Distributed Denial of Service (DDoS) attack this week that took service offline for up to eight hours. The DDoS targeted the Amazon Web Services (AWS) Route 53 DNS web service, which in turn affected other services. The success of the attack calls into question the DDoS-mitigation platform Shield Advanced, which was used by AWS during the attack.
Recommendation: Denial-of-service attacks can cost your company revenue, because severe attacks can shut down online services for extended periods of time. In addition, the ability of threat actors to compromise vulnerable devices and to purchase DDoS-for-hire services is a continually evolving threat. Mitigation techniques can vary depending on the specifics of the attack. For example, in the case of BlackNurse, which can disrupt enterprise firewalls, ICMP type 3 traffic should be blocked, or at least rate limited. Furthermore, a business continuity plan should be in place in the unfortunate case that your company is the target of a significant DDoS attack.
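The ICMP type 3 rate limit recommended above, as an added example for a Linux gateway running nftables (not configuration from the original briefing). The table name, chain names and packet rates are assumptions to be tuned against your own baseline. Code 4 ("fragmentation needed") gets its own allowance because dropping it outright breaks path MTU discovery.

```nftables
# Added example: rate-limit ICMP type 3 (destination unreachable) on a Linux
# gateway. Table/chain names and all rates below are illustrative assumptions.
table inet blacknurse_guard {
    chain icmp_unreach {
        # Type 3 code 4 (fragmentation needed) is required for path MTU
        # discovery, so it gets a separate, more generous budget.
        icmp type destination-unreachable icmp code 4 limit rate 100/second accept

        # All other type 3 traffic, including the code 3 (port unreachable)
        # packets BlackNurse relies on, shares a small budget.
        icmp type destination-unreachable limit rate 50/second burst 20 packets accept

        # Anything over budget is counted and dropped; the counter gives
        # operations a number to alert on.
        icmp type destination-unreachable counter drop
    }

    chain input {
        # Traffic addressed to the gateway itself.
        type filter hook input priority 0; policy accept;
        icmp type destination-unreachable jump icmp_unreach
    }

    chain forward {
        # Traffic routed through the gateway to protected hosts.
        type filter hook forward priority 0; policy accept;
        icmp type destination-unreachable jump icmp_unreach
    }
}
```

Load the file with `nft -f`, then watch the drop counter with `nft list table inet blacknurse_guard` to confirm the limits are not hit during normal traffic.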
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.