AWS Shield Threat Scenery report can be acquired now

AWS Shield is really a managed threat security service that safeguards apps operating on AWS against exploitation of program vulnerabilities, poor bots, and Distributed Denial of Services (DDoS) episodes. The AWS Shield Threat Scenery Report (TLR) gives you a listing of threats detected by AWS Shield. This record is usually curated by the AWS Threat Reaction Team (TRT), who continually assesses and monitors the threat landscape to create protections with respect to AWS customers. This consists of guidelines and mitigations for providers like AWS Managed Rules for AWS WAF and AWS Shield Advanced. You may use these details to expand your understanding of exterior threats and enhance the security of your programs running on AWS.

Are a few of our findings from the newest report here, which covers Q1 2020:

Volumetric Threat Evaluation

AWS Shield detects internet and network application-level volumetric events that could indicate a DDoS assault, web content scraping, accounts takeover bots, or even other unauthorized, non-human visitors. In Q1 2020, we observed significant boosts in the quantity and frequency of system volumetric threats, which includes a CLDAP reflection strike with a peak level of 2.3 Tbps.

A summary are available by you of the volumetric events detected in Q1 2020, when compared to same quarter in 2019, in the next table:

MetricSame One fourth, Prior Year (Q1 2019)
Most Recent One fourth (Q1 2020)ChangeTotal amount of events253,231310,954+23%Largest bit price (Tbps)0.82.3+188%Largest packet price (Mpps)260.1293.1+13%Largest demand rate (rps)1,000,414694,201-31%Times of elevated threat*13+200%

Days of elevated danger indicates the amount of times during which the quantity or frequency of activities was unusually high.

Malware Threat Evaluation

AWS operates a risk intelligence system that monitors Internet visitors and evaluates potentially suspicious interactions. We observed substantial increases in the both total number of occasions and the true amount of unique suspects, relative to the last quarter. The most typical interactions seen in Q1 2020 had been Remote Program code Execution (RCE) efforts on Apache Hadoop YARN apps, where the suspect tries to exploit the API of a Hadoop cluster’s resource administration system and execute program code, without authorization. In March 2020, these interactions accounted for 31% of most activities detected by the danger intelligence platform.

You can find a listing of the volumetric events detected in Q1 2020, when compared to prior quarter, in the next table:

MetricPrior One fourth
(Q4 2019)
Most Recent One fourth
(Q1 2020)ChangeTotal amount of events (billion)0.71.1+57%Unique suspects (million)1.21.6+33%

For more information concerning the threats detected by AWS Shield in Q1 2020 and methods that you can try protect your applications working on AWS, download the AWS Shield Threat Landscape Report.

When you have feedback concerning this post, submit remarks in the Comments section below. Should you have questions concerning this blog post, take up a brand new thread on the AWS Shield forum or contact AWS Support.

Want a lot more AWS Security how-to articles, news, and show announcements? Stick to us on Twitter.


Mario Pinho

Mario Pinho is really a Security Engineer from AWS. He’s got a background in system consulting and engineering, and feels with his best when busting complex topics and procedures into its simpler elements apart. In his leisure time he pretends to end up being an artist by actively playing piano and doing scenery photography.

%d bloggers like this: