The proliferation of smart devices caused a worrying spike in so-called SSDP distributed denial of service (DDoS) attacks globally in the second half of 2014, with online gamers the fastest growing target, according to new data from NSFOCUS.
The DDoS prevention firm’s 2H 2014 DDoS Threat Report claimed that routers, webcams and other internet-connected devices have emerged as “the most potent and increasingly favored attack vector.”
This is because they have relatively high bandwidth, a long upgrade cycle – which, for some, means they’re never upgraded after deployment – and they’re online 24/7, the report said.
Simple Service Discovery Protocol (SSDP) attacks using smart devices can apparently amplify attack bandwidth by as much as 75 times.
Although there are only around seven million such devices currently exploitable globally, the figure is set to rocket as the Internet of Things brings billions online in the coming years, NSFOCUS argued.
Smart devices accounted for a third of attack sources in the largest DDoS of 2014, the firm said.
SSDP reflection amplification attacks 'dominated' all other forms of attacks under the UDP flood banner in 2H 2014, including NTP reflection attacks – which had been number one in the first half of the year.
NTP attacks started to wane last year thanks to a major awareness raising campaign by the US-CERT and Network Time Protocol, which urged managers to patch their NTP servers to ensure they couldn’t be used to DDoS targets.
UDP Flood attacks were the most common in the period, accounting for 51.9% of all DDoS.
The report explained:
“UDP-based reflection amplification flood attacks do not require a large number of zombies. From the perspective of the victim, all data packets appear normal, but can overwhelm server resources or bandwidth quickly. Hence, it is not only an efficient, but very effective attack method.”
The stats from NSFOCUS echo those of Arbor Networks, which claimed at the end of 2014 that SSDP attacks were on the rise.
It found that 4% of all attacks and 42% of all attacks greater than 10Gbps used SSDP reflection during the third quarter of last year.
NSFOCUS also declared that online gamers are the fastest growing DDoS target, now accounting for nearly 32% of all those hit – only beaten by online retail/media (37%).
The report claimed that DDoS-ers are getting smarter about how they launch their attacks, with over 90% lasting less than 30 minutes.
“This shorter attack strategy is being employed to improve efficiency as well as distract the attention of IT personnel away from the actual intent of an attack: deploying malware and stealing data,” according to the report.
If you found this article insightful, why not watch our #InfosecWebinar on Malware in IoT, Crypto-coins & Smart Devices