What’s new with AWS: Breaking Down the Cyberthreat Landscape

OppSync
Jun 3, 2021

Amazon Web Services recently released data covering the cyberattacks detected by AWS Shield over the last year. This data is crucial for understanding what hackers are targeting, and how to keep the most vulnerable areas of your data infrastructure safe.

In this article, we’ll go through some of the more significant points of this data, and what it means for the security of your infrastructure.

What is the biggest cyberthreat facing my AWS infrastructure?

According to the data, Distributed Denial-of-Service (DDoS) attacks are the largest category of attack detected by AWS Shield. Between February 2020 and April 2020, AWS observed a 72% increase in these types of attacks per month. With the increased usage of AWS Shield Advanced and AWS WAF, these threats were largely mitigated.

Other common types of attacks included TCP SYN floods and UDP reflection attacks, which attempt to affect the availability of an application by overwhelming its ability to process packets or establish new connections on behalf of legitimate users. These attacks can be much more sophisticated than DDoS attacks, and therefore more difficult for security managers to detect and mitigate. They are especially dangerous to web applications, which rely on large amounts of incoming DNS and TCP traffic and can be overwhelmed without the proper infrastructure implemented.

These kinds of attacks make up the largest types of attacks on the infrastructure layer. In conjunction with application-layer attacks, hackers can seriously damage application availability. Attacks like web request floods have grown more popular in the past year, overwhelming application resources with minimal traffic by overloading them with web requests. In 2020, Shield reported elevated threats on 53 days, 33 of which were caused by high-volume web request floods.

Gaming Servers are Under Particular Threat

Applications that regularly interact with outside users are at increased risk of DDoS attacks. It comes as no surprise then that gaming servers are the most popular target for this kind of attack. Though gaming servers generally do not host sensitive data, these attacks can cause service disruptions that can cripple player connectivity and game playability. Between Q1 2020 and Q2 2020, AWS observed a 46% increase in the frequency of events that were detected on behalf of gaming applications. AWS chalks up this increase in attacks on gaming servers to those looking for an unfair advantage in the game, or simply acting out of malice.

Unfortunately, these servers’ dependence on UDP traffic makes blocking traffic broadly an untenable solution to these cyber threats. AWS suggests that those who host gaming servers use Elastic IP addresses and protect hosted resources with AWS Shield Advanced. With its powerful real-time deep packet inspection, AWS Shield Advanced can easily filter player traffic and weed out any suspicious activity.

How should I respond to these cyber threats?

AWS lays out three main ways that you can protect your AWS infrastructure from cyber attacks.

1. AWS Shield Advanced

AWS Shield Advanced is a powerful service that protects your applications from network and transport layer DDoS attacks. It takes advantage of huge amounts of computing power to process network traffic in real-time and quickly addresses suspicious activity without causing service disruption. By centralizing security data and metrics in one place, this service forms the central part of an air-tight security posture.

2. Amazon CloudFront and Amazon Route 53

These services are particularly important for protecting static and dynamic web content. They help manage incoming traffic by spreading it out over a global network of AWS edge locations. They can quickly manage large amounts of traffic, whether legitimate or otherwise, and keep your infrastructure from being overwhelmed. They continuously inspect incoming traffic and establish underlying protocols to make sure new connections are only made by valid users.

3. AWS WAF

To protect against infrastructure-level attacks, AWS recommends their Web Application Firewall (WAF) service. This provides a powerful layer of protection against DDoS attacks. It’s easy to set up with pre-configured rules and simplifies the management process through a centralized security dashboard.

That’s what’s new with AWS Shield! Hopefully, this article will help you be more prepared for the kinds of threats facing your AWS infrastructure.

If you’re an AWS partner and are looking to streamline your sales process, join OppSync’s free beta! Our specialized, no-code technology seamlessly synchronizes leads between AWS and your CRM program. Learn more at Oppsync.io
