Big DDoS Attacks Jump in Q3

Monday, November 24, 2014 @ 06:11 PM gHale

The amount of distributed denial-of-service (DDoS) attacks exceeding 10 Gbps grew between the second and third quarters of this year, a new report said.

The number of attacks 10 Gbps and above jumped by 38 percent from the second quarter, and represented more than 20 percent of all attacks in the third quarter, said the Verisign report.

Data Breach Awareness on Rise
Malware Creation Skyrockets in Q3
ICS Targeted in Malware Campaign
IOServer Fixes Resource Exhaustion Flaw

Attackers were persistent in launching attacks against targeted customers, averaging more than three separate attempts per target, according to the report. The most frequent target of attacks was the media and entertainment industry, which represented more than 50 percent of all mitigation activity. The largest observed attack of 90 Gbps hit an e-commerce company.

“This attack was a pulsing User Datagram Protocol (UDP) flood employed in short bursts of 30 minutes or fewer,” Verisign said in a blog post announcing the report. “It consisted primarily of Network Time Protocol (NTP) reflective amplification attack traffic. This activity was aimed at disrupting the critical online commerce capability of the customer and was successfully mitigated by Verisign.”

When compared to Q1, the average attack size increased in Q3 by 65 percent. Network Time Protocol (NTP) continues to make up the majority of UDP-based reflective amplification attacks, with a shift to SSDP [Simple Service Discovery Protocol] during the quarter. Last month, researchers at Akamai Technologies issued a warning about attackers leveraging SSDP to launch attacks that amplify and reflect traffic to their targets.

“Though the amplification it generates is smaller than that possible with DNS or NTP reflection attacks, SSDP attacks still have the capability to overwhelm organizations that are using traditional security appliances to protect their assets,” the report said. “Consistent with other reflective amplification attacks, malicious actors will spoof the source IP when making an SSDP request to target a victim. For most organizations, SSDP implementations should not need to be open to the Internet. In this case, ingress queries from the Internet targeting this protocol can be blocked at the network edge to protect from this particular vector. Verisign recommends an audit of internal assets, including outbound network flows to ensure that your organization is not being unknowingly leveraged in SSDP-based DDoS attacks.”

Leave a Reply

You must be logged in to post a comment.