March 25, 2023

Urban Tech Story | Microsoft Servers Used to Amplify DDoS Attacks

A small retailer in North Africa, a telecommunications provider in North America, two different religious organizations: what do they have in common? They all run Microsoft servers whose configuration lets attackers use them to amplify DDoS attacks. Amplification attacks are popular with cybercriminals because they drastically reduce the resources needed to launch an attack: the attacker sends small requests with the victim's address spoofed as the source, and the server delivers its much larger replies to the victim. The earliest amplification attacks exploited misconfigured open DNS resolvers, which amplified attack traffic by a factor of up to 54. The latest exploits the Connectionless Lightweight Directory Access Protocol (CLDAP), the UDP variant of LDAP that Microsoft Active Directory domain controllers answer on UDP port 389. DDoS attackers began leveraging the protocol in 2017 to amplify attack traffic by a factor of 56 to 70. At that time, tens of thousands of CLDAP servers were exposed to the public internet. Security researchers tracked four of the servers and found that the most damaging one, belonging to an unidentified religious organization, generated more than 10 Gbps of attack traffic on four occasions between July and September, once reaching close to 17 Gbps.
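The following is an added example, not code from the article or from the researchers it describes. It builds the same kind of request an amplifier sends, a base-scope LDAP search for the root DSE (empty base DN, filter objectClass=*, no attribute list), encoded by hand in BER, and measures how many bytes a server returns per byte sent. The `probe` function is assumed to be run from an ordinary (non-spoofed) socket against a host you own; the hostname and the 2730-byte response size in the usage note are illustrative assumptions, not measurements from the article.

```python
"""Build a CLDAP rootDSE probe and measure the amplification factor.

Added example, not code from the original article. Assumes the Active
Directory behaviour described in the text: a domain controller answers a
base-scope search for the root DSE on UDP/389. Only probe hosts you own.
"""
import socket


def ber_length(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag: int, body: bytes) -> bytes:
    """One BER TLV: tag octet, length octets, value."""
    return bytes([tag]) + ber_length(len(body)) + body


def ber_int(n: int) -> bytes:
    """BER INTEGER for a non-negative value (pads a leading 0x00 if needed)."""
    body = n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big")
    return ber(0x02, body)


def build_cldap_rootdse_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, SearchRequest } asking for the root DSE.

    baseObject "", scope baseObject, filter (objectClass=*), empty attribute
    list (which asks for all user attributes). With message_id=1 the whole
    datagram is 39 bytes, which is what makes the protocol attractive to an
    amplifier: the reply from a domain controller is kilobytes.
    """
    search = (
        ber(0x04, b"")               # baseObject: empty DN == root DSE
        + ber(0x0A, b"\x00")         # scope: baseObject
        + ber(0x0A, b"\x00")         # derefAliases: neverDerefAliases
        + ber(0x02, b"\x00")         # sizeLimit: 0 (no limit)
        + ber(0x02, b"\x00")         # timeLimit: 0 (no limit)
        + ber(0x01, b"\x00")         # typesOnly: FALSE
        + ber(0x87, b"objectClass")  # filter: present [7] "objectClass"
        + ber(0x30, b"")             # attributes: empty SEQUENCE
    )
    # 0x63 == [APPLICATION 3] constructed == SearchRequest
    return ber(0x30, ber_int(message_id) + ber(0x63, search))


def parse_ber_header(data: bytes) -> tuple:
    """Return (tag, length, header_size) of the TLV at the start of data."""
    if len(data) < 2:
        raise ValueError("truncated BER header")
    tag, first = data[0], data[1]
    if first < 0x80:
        return tag, first, 2
    n = first & 0x7F
    if n == 0 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated BER length")
    return tag, int.from_bytes(data[2:2 + n], "big"), 2 + n


def is_ldap_message(datagram: bytes) -> bool:
    """True if the datagram starts with a complete LDAPMessage SEQUENCE."""
    try:
        tag, length, hdr = parse_ber_header(datagram)
    except ValueError:
        return False
    return tag == 0x30 and hdr + length <= len(datagram)


def amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Bandwidth amplification factor: bytes returned per byte sent."""
    if request_bytes <= 0:
        raise ValueError("request size must be positive")
    return response_bytes / request_bytes


def probe(host: str, port: int = 389, timeout: float = 2.0) -> dict:
    """Send one rootDSE request and collect every datagram that comes back.

    A reply may arrive as more than one datagram (entry, then searchResDone),
    so we keep reading until the socket times out and sum what parses as LDAP.
    """
    request = build_cldap_rootdse_request()
    received, datagrams = 0, 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        while True:
            try:
                data, _ = sock.recvfrom(65535)
            except socket.timeout:
                break
            if not is_ldap_message(data):
                continue  # stray or malformed traffic; do not count it
            received += len(data)
            datagrams += 1
    return {
        "request_bytes": len(request),
        "response_bytes": received,
        "datagrams": datagrams,
        "factor": amplification_factor(len(request), received),
    }


if __name__ == "__main__":
    import sys
    # Usage: python cldap_probe.py dc.example.internal   (hostname is an assumption)
    print(probe(sys.argv[1]))
```

A 39-byte request that draws a hypothetical 2730-byte root DSE reply gives a factor of 70, in the range the article cites for this protocol. If the probe returns anything at all when run from outside your network, the domain controller is reachable as an amplifier: CLDAP has no legitimate use from the public internet, so UDP/389 should be filtered at the perimeter and domain controllers kept off public addresses.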


