New research from Arbor Networks reveals a significant jump in Simple Service Discovery Protocol (SSDP) reflection attacks during the third quarter of the year.
While only a few such attacks occurred during the second quarter of 2014, nearly 30,000 attacks with this source port were uncovered during Q3 alone. One of these attacks reached 124 Gbps.
“Everyone is aware of the huge storm of NTP reflection DDoS [distributed denial-of-service] attacks in Q1 and early Q2, but although NTP reflection is still significant there isn’t as much going on now as there was – unfortunately, it is looking more and more like SSDP will be the next protocol to be exploited in this way,” explained Arbor Networks Director of Solutions Architects Darren Anstee, in a statement. “Organizations should take heed and ensure that their DDoS defense is multi-layered, and designed to deal with both attacks that can saturate their connectivity, and more stealthy, sophisticated application layer attacks.”
During the month of September, 9 percent of all attacks overall and 42 percent of all attacks greater than 10 Gbps appeared to use SSDP reflection.
While NTP reflection attacks were still significant, they continued to fall during the third quarter. The represented just five percent of attacks overall, compared to 14 percent in Q1. However, more than half of all attacks greater than 100 Gbps were still NTP reflection attacks, Arbor Networks found. They also accounted for 28 percent of attacks over 10 Gbps, down from 56 percent in the first quarter and 34 percent in the second.
Large volumetric attacks happened more frequently than in the past, with 133 attacks over 100 Gbps so far this year. The average attack size during the quarter was 858.98 Mbps, with a peak attack of 264.6 Gbps. More than 16 percent of all attacks were above 1 Gbps, up from 15.3 percent in the second quarter.
The proportion of events lasting less than 1 hour is gradually increasing, and now stands at 91.2 percent, according to the company. Security firm NSFOCUS reported recently that more than 90 percent of the attacks it detected during the first half of the year were less than 30 minutes.
“The big takeaway this quarter is clear – stay the course: employ a multi-layered approach to DDoS defense to ensure your organization is safeguarded from both complex, stealthy DDoS attacks, and the very large attacks that can quickly saturate Internet connectivity,” according to Arbor Networks’ blog.
More statistics can be found here.