Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

DDoS Attacks Using SSDP Spike in Q1: Arbor Networks

Distributed denial-of-service (DDoS) attacks using the Simple Service Discovery Protocol (SSDP) continued to rise during the first quarter of 2015, according to a new report from Arbor Networks.

Distributed denial-of-service (DDoS) attacks using the Simple Service Discovery Protocol (SSDP) continued to rise during the first quarter of 2015, according to a new report from Arbor Networks.

The largest new attack was 137.88 Gbps, the firm reported. Arbor Networks monitored 126,000 SSDP reflection attacks in the first quarter of the year compared to 83,000 in the fourth quarter of 2014. The numbers also represent a dramatic spike from Q1 2014, when Arbor Networks observed just three such attacks.

A report recently released by NSFOCUS linked the ever-growing Internet of Things (IoT) to an increase in SSDP reflection attacks during the second half of 2014. More than 30 percent of compromised SSDP attack devices were network-connected devices such as home routers and webcams, according to the firm.

“With the proliferation of the Internet of Things, any smart connected device with a public IP address and vulnerable operating system will increase the number of devices that could be used to launch SSDP–based reflection attacks,” according to the NSFOCUS report. “This particular type of DDoS attack was seen as the second most dominant threat, after NTP-based (Network Time Protocol) attacks, in 2H2014.”

Most of these IoT devices are very low cost, rarely if ever monitored and are often easily exploitable, said Gary Sockrider, solutions architect for Arbor Networks.

“As more of these devices come online they become ever more inviting targets,” he said. “Many of these devices have Universal Plug and Play (UPnP) enabled by default, which relies upon SSDP, and we’ve seen a sharp and continued rise in SSDP based attacks.”

Overall, the attacks monitored by Arbor Networks were shorter but packed a more powerful punch. Ninety percent of the attacks lasted less than an hour. The top overall attack targets were the U.S. (16 percent), China (16 percent) and France (8 percent). The top targets for reflection attacks of more than 10Gbps were France (19 percent), Denmark (10 percent) and the U.S. (8 percent). Roughly 43 percent of reflection attacks targeted port 80.

“Attacks that are significantly above the 200Gbps level can be extremely dangerous for network operators and can cause collateral damage across service provider, cloud hosting and enterprise networks,” said Darren Anstee, director, solutions architects, for Arbor Networks, in a statement. “DDoS attacks continue to evolve. Not only have volumetric attacks grown significantly in size and frequency over the past 18 months, application-layer attackers are also still pervasive. In order to deal with the full scope of the modern DDoS threat, we strongly recommend a multi-layered defense, one that integrates on-premise protection against application-layer attacks with cloud-based protection against higher magnitude volumetric attacks. Only then is an organization fully protected from DDoS attacks today.”

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.


Cybersecurity firm Group-IB is raising the alarm on a newly identified advanced persistent threat (APT) actor targeting government and military organizations in Asia and...