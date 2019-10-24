Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

AWS Left Reeling After Eight-Hour DDoS

Amazon Web Services (AWS) customers were hit by severe outages yesterday after an apparent DDoS attack took S3 and other services offline for up to eight hours.

The attack hit the cloud giant’s Router 53 DNS web service, which had a knock-on effect on other services including Elastic Load Balancing (ELB), Relational Database Service (RDS) and Elastic Compute Cloud (EC2), that require public DNS resolution.

A status update by AWS, since replaced, claimed: “Between 10:30 AM and 6:30 PM PDT, we experienced intermittent errors with resolution of some AWS DNS names. Beginning at 5:16 PM, a very small number of specific DNS names experienced a higher error rate. These issues have been resolved.”

A message sent to customers during this time clarified that the firm’s DNS servers were indeed experiencing a DDoS attack. The outages call into question the effectiveness of the AWS DDoS-mitigation platform Shield Advanced, especially as it appeared to have made things worse for some customers.

“Our DDoS mitigations are absorbing the vast majority of this traffic, but these mitigations are also flagging some legitimate customer queries at this time,” the firm said.

In an apparently unrelated incident, the Google Cloud Platform also experienced problems at around the same time yesterday, although it clarified that DDoS was not the cause.

The issues affected Google Compute Engine, Cloud Memorystore, Google Kubernetes Engine, Cloud Bigtable and Google Cloud Storage. They included network programming and packet loss for Cloud Networking customers and packet loss for Google Compute Engine users.

Anthony Chad, global SVP for Neustar, argued that the attack on AWS must have been significant.

“Citing potential mitigation concerns, this attack should serve a reminder to security leaders to ensure they safeguard their cyber-defenses on an always-on basis across a number of levels, from the perimeter to websites and applications, underpinned by intelligence,” he added.

“Prevention is always better than the cure, and the cost of not doing so — from reputational damage to additional technology investment, compensation and possibly regulatory action — can have an undesired impact on the bottom line.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

German Automation Giant Still Down After Ransomware Attack

2
News

AWS Left Reeling After Eight-Hour DDoS

3
News

McAfee Names Alexis Bledel Most Dangerous Celebrity

4
News

Italians Rocked by Ransomware

5
News

Cash-back Websites Expose 2 TB of Sensitive Information

6
News

Most Effective Phishing Tactic Is to Make People Think They've Been Hacked

1
News

Chartered Institute: IT Security Industry is Stagnating

2
Interview

Interview: Rajan Kapoor, Director of Security, Dropbox

3
News

Action Fraud Snafu Leaves 9000 Cases Quarantined

4
News

£265m Data Breach Costs Could Have Been Avoided with £9600 Worth of Bug Bounties

5
News

AWS Left Reeling After Eight-Hour DDoS

6
Opinion

Cloud Migration Makes an Old Data Security Problem New Again

1
Webinar

Authentication Standards in 2019: Why Passwords Remain Problematic, and Future Solutions

2
Webinar

Are You At Risk? Know Your Cybersecurity Posture With Security Ratings

3
Webinar

Identifying and Defending Against Advanced and Automated Attacks

4
Webinar

The Insider's Motive: Defending Against the 7 Most Common Insider Threats

5
Webinar

Mobile Access: Best Practices for a Modern Security Approach

6
Webinar

The Persistence of Ransomware, New Variants & Better Tactics to Defend & Defeat

1
Blog

Are Pwned Passwords Putting Your Business at Risk?

2
Blog

Security by Sector: Cyber-Criminals Seek to Exploit Automotive Manufacturing

3
Interview

Interview: Rafe Pilling, Senior Security Researcher, Secureworks

4
Webinar

Identifying and Defending Against Advanced and Automated Attacks

5
Opinion

Equifax and Capital One: What Should We Learn?

6
Interview

Interview: Martin Lee, Outreach Manager and Technical Lead, Cisco Talos