DDoS-ers Top 330Gbps in Massive Attack

Arbor Networks has reported yet another spike in high-volume DDoS attacks during the last quarter, including the largest it has ever recorded at 334Gbps.

Aside from that attack, which targeted a network operator in India, there were 25 attacks worldwide larger than 100Gbps during the first quarter, according to the latest attack data from the DDoS prevention firm.

These giant attacks are made possible thanks mainly to reflection amplification using Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, the vendor said.

They take advantage of a multitude of poorly configured and protected devices on the internet offering UDP services, which allow a sender to send a query and have generated a response much larger than that request.

The attackers are able to spoof their IP address to mimic that of their target, taking advantage of the fact that not enough service providers filter such traffic at the network edge, Arbor explained.

SSDP attacks in particular have soared over the past year, from just three in Q1 2014 to a whopping 126,000 in the first three months of this year.

Attacks are also getting shorter, with around 90% lasting less than one hour, the firm said.

This tallies with data from NSFOCUS last week which claimed attackers were increasingly using smart devices to amplify SSDP attacks by up to 75 times.

However, the firm went one further, claiming that 90% of attacks were actually less than half an hour in duration. It argued that such attacks were primarily used as a distraction to occupy the IT team while hackers could steal data and deploy malware.

“DDoS attacks continue to evolve. Not only have volumetric attacks grown significantly in size and frequency over the past 18 months, application-layer attackers are also still pervasive,” said Darren Anstee, director, Solutions Architects at Arbor.

“In order to deal with the full scope of the modern DDoS threat we strongly recommend a multi-layered defense, one that integrates on-premise protection against application-layer attacks with cloud-based protection against higher magnitude volumetric attacks.”

However, the findings are slightly at odds with new research from Kaspersky Lab which found nearly a quarter (21%) of firms suffering DDoS attacks are out of action for anything from a couple of days to weeks.

Some 32% of respondents to the survey said their attack lasted between an hour and a day and 31% said up to one hour. 

What’s Hot on Infosecurity Magazine?