SecurityWeek

DDoS Attacks Using SSDP Spike in Q1: Arbor Networks

Distributed denial-of-service (DDoS) attacks using the Simple Service Discovery Protocol (SSDP) continued to rise during the first quarter of 2015, according to a new report from Arbor Networks.

The largest new attack was 137.88 Gbps, the firm reported. Arbor Networks monitored 126,000 SSDP reflection attacks in the first quarter of the year compared to 83,000 in the fourth quarter of 2014. The numbers also represent a dramatic spike from Q1 2014, when Arbor Networks observed just three such attacks.

A report recently released by NSFOCUS linked the ever-growing Internet of Things (IoT) to an increase in SSDP reflection attacks during the second half of 2014. More than 30 percent of compromised SSDP attack devices were network-connected devices such as home routers and webcams, according to the firm.

“With the proliferation of the Internet of Things, any smart connected device with a public IP address and vulnerable operating system will increase the number of devices that could be used to launch SSDP-based reflection attacks,” according to the NSFOCUS report. “This particular type of DDoS attack was seen as the second most dominant threat, after NTP-based (Network Time Protocol) attacks, in 2H2014.”

Most of these IoT devices are very low cost, rarely if ever monitored and are often easily exploitable, said Gary Sockrider, solutions architect for Arbor Networks.

“As more of these devices come online they become ever more inviting targets,” he said. “Many of these devices have Universal Plug and Play (UPnP) enabled by default, which relies upon SSDP, and we’ve seen a sharp and continued rise in SSDP based attacks.”

Overall, the attacks monitored by Arbor Networks were shorter but packed a more powerful punch. Ninety percent of the attacks lasted less than an hour. The top overall attack targets were the U.S. (16 percent), China (16 percent) and France (8 percent). The top targets for reflection attacks of more than 10Gbps were France (19 percent), Denmark (10 percent) and the U.S. (8 percent). Roughly 43 percent of reflection attacks targeted port 80.

“Attacks that are significantly above the 200Gbps level can be extremely dangerous for network operators and can cause collateral damage across service provider, cloud hosting and enterprise networks,” said Darren Anstee, director, solutions architects, for Arbor Networks, in a statement. “DDoS attacks continue to evolve. Not only have volumetric attacks grown significantly in size and frequency over the past 18 months, application-layer attackers are also still pervasive. In order to deal with the full scope of the modern DDoS threat, we strongly recommend a multi-layered defense, one that integrates on-premise protection against application-layer attacks with cloud-based protection against higher magnitude volumetric attacks. Only then is an organization fully protected from DDoS attacks today.”
