01/16 2024

Against DDoS Attacks – Data-driven Proactive Measures by AWS

AWS Shield serves as the fundamental protection service for AWS. The number of DDoS attacks thwarted by AWS Shield has recently grown at an annual rate of 40%, reaching a new high in July 2023 with nearly 120,000 attacks defended against. Notably, 56% of these DDoS attacks occurred at the application layer. In the face of persistent cybersecurity threats, leveraging “data” emerges as the most effective preventive measure. Nextlink takes you through a retrospective of the cybersecurity trends observed at AWS re:Invent 2023 and outlines how data-driven threat detection can actively detect cybersecurity threats in cloud environments. Transforming data into cybersecurity strategy in this way aims to establish a secure and resilient cloud environment.

How Proxy-Server DDoS Attacks Paralyze Target Websites

Attackers have adopted a DDoS approach that uses proxy servers, specifically targeting Layer 7 to disrupt the normal operations of target websites, servers, or network services. This recent trend in DDoS attacks relies on remote proxy servers, which makes it challenging for IT personnel to identify the attack source and thus complicates the defense.

DDoS attacks routed through proxy servers leave the target unable to determine the source, which increases the difficulty of defending against them. (Image: AWS)

Blocking DDoS Attacks with Data Science

At AWS re:Invent 2023, two data science strategies were introduced to enhance the precision of attack protection for enterprises:

Addressing Known Attack Sources: Deployments on AWS

According to AWS statistics, in the latter half of 2023, individuals with malicious intent targeted infrastructure with DDoS attacks at an average rate of 25,000 to 30,000 times per day. To counter known attack sources, it is recommended to use the “AWS Managed IP Reputation List” feature within “AWS WAF.” Deploy it on Elastic Load Balancing (ELB) load balancers, the Amazon API Gateway API management platform, and Amazon CloudFront (CDN), so that attackers changing IP locations between attacks need not be a concern.
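The deployment recommended above, written out as a CloudFormation template. This is an added example, not configuration from the article, AWS or Nextlink; the web ACL name, metric names and the `ProtectedResourceArn` parameter are assumptions, and `AWSManagedRulesAmazonIpReputationList` is the AWS WAF managed rule group behind the IP reputation list feature.

```yaml
# Added example: AWS WAF web ACL that applies the AWS managed IP reputation
# rule group and attaches it to an existing regional resource.
AWSTemplateFormatVersion: "2010-09-09"
Description: Web ACL with the AWS managed IP reputation rule group (example)

Parameters:
  ProtectedResourceArn:   # assumption: ARN of an existing Application Load
    Type: String          # Balancer or API Gateway stage

Resources:
  ReputationWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: ip-reputation-acl          # hypothetical name
      # REGIONAL covers ALB and API Gateway. For CloudFront use
      # Scope: CLOUDFRONT, create the stack in us-east-1, and set the
      # distribution's WebACLId to this ACL's ARN instead of using a
      # WebACLAssociation resource.
      Scope: REGIONAL
      DefaultAction:
        Allow: {}                      # only requests matching a rule are blocked
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ip-reputation-acl
      Rules:
        - Name: aws-ip-reputation
          Priority: 0                  # evaluated before any custom rules
          OverrideAction:
            None: {}                   # keep the group's own actions;
                                       # switch to Count: {} to observe first
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAmazonIpReputationList
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-ip-reputation

  ReputationWebACLAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref ProtectedResourceArn
      WebACLArn: !GetAtt ReputationWebACL.Arn
```

Running the rule group in count mode first and reviewing the `aws-ip-reputation` CloudWatch metric shows how much legitimate traffic would be affected before blocking is enabled.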

Addressing Unknown Attack Sources: MadPot Initiative – Transforming Threat Intelligence Data for Defense

The MadPot initiative is an internal AWS system that collects global threat intelligence. With over 10,000 deployed detectors, it monitors nearly 100 million potential threats globally every day, identifying 500,000 threat events. The MadPot system collects extensive threat intelligence data for correlation and analysis, actively identifying potential threat activities on the network. Serving as a honeypot system, MadPot can be set up to capture the attention of malicious attackers.

Traditional cybersecurity threat detection relied on “prior cybersecurity vulnerabilities” to mitigate risks. However, by transforming this threat intelligence data into actionable insights and driving cybersecurity policy deployment, enterprises can not only stay one step ahead of attackers but also proactively detect cybersecurity attacks, reinforcing security within cloud environments. By leveraging data in this manner, businesses can effectively address every potential cybersecurity event, regardless of how network security attacks evolve.

Nextlink Technology holds dual certifications in data security and data analysis, providing businesses with a secure environment to enjoy the trends brought by cloud computing. Additionally, Nextlink possesses a professional data analysis team to help enterprises effectively transform data into value!