Recently, I’ve been thinking about how easy it could be to potentially launch a large scale DDOS attack utilizing cloud service providers. With certain providers, you can set instances to launch automatically, run scripts, initiate the attack, and then shut itself down all without even being near your computer. Utilizing multiple providers and different zones/data centers within one company could amount to a very large scale DDOS. A lot of companies lack sufficient DDOS protection and even those which can detect and mitigate, are still susceptible to outgoing attacks. One quick and easy way would be to initiate your instance and have it attack for 5-10 minutes, then shut itself down and restart the process on a new instance with a new IP. Repeating this process with 200-300 instances per service provider and per zone in some cases could create a very large attack. (more…)