This week Amazon Web Services (AWS) suffered a major distributed denial-of-service (DDoS) attack that made it unavailable for some customers.
This week, threat actors launched a massive DDoS attack against Amazon Web Services (AWS) causing the inability of some customers to access their AWS S3 buckets.
Users were intermittently unable to access online services relying on the Amazon infrastructure that was under attack.
According to the company status page, hackers were targeting the AWS DNS servers flooding them with junk network traffic.
The attacks lasted for around 8 hours, between 10:30 AM and 6:30 PM PDT, but some of DNS names experienced problems starting 5:16 PM.
The company reported intermittent DNS resolution errors with Route 53 and external DNS providers, it also informed the users of the ongoing DDoS attack.
“We are investigating reports of occasional DNS resolution errors. The AWS DNS servers are currently under a DDoS attack. Our DDoS mitigations are absorbing the vast majority of this traffic, but these mitigations are also flagging some legitimate customer queries at this time. We are actively working on additional mitigations, as well as tracking down the source of the attack to shut it down.” reads the notification sent to the AWS users. “Amazon S3 customers experiencing impact from this event can update the configuration of their clients accessing S3 to specify the specific region that their bucket is in when making requests to mitigate impact.”
Users attempting to access Amazon’s services were redirected to its status page.
The attack also impacted many companies, including Digital Ocean, which has had issues with accessing S3/RDS resources inside Droplets.
“Our Engineering team is continuing to monitor the issue impacting accessibility to S3/RDS/ELB/EC2 resources across all regions,” the company wrote on the incident’s status page at 23:25 UTC on Oct 22.”
At the time of writing all the impacted systems have been restored,
To read the original article:https://securityaffairs.co/wordpress/92958/hacking/ddos-attack-amazon-web-services.html