New research from Arbor Networks reveals a significant jump in Simple Service Discovery Protocol (SSDP) reflection attacks during the third quarter of the year.
While only a few such attacks occurred during the second quarter of 2014, nearly 30,000 attacks with this source port were uncovered during Q3 alone. One of these attacks reached 124 Gbps.
“Everyone is aware of the huge storm of NTP reflection DDoS [distributed denial-of-service] attacks in Q1 and early Q2, but although NTP reflection is still significant there isn’t as much going on now as there was – unfortunately, it is looking more and more like SSDP will be the next protocol to be exploited in this way,” explained Arbor Networks Director of Solutions Architects Darren Anstee, in a statement. “Organizations should take heed and ensure that their DDoS defense is multi-layered, and designed to deal with both attacks that can saturate their connectivity, and more stealthy, sophisticated application layer attacks.”
During the month of September, 9 percent of all attacks overall and 42 percent of all attacks greater than 10 Gbps appeared to use SSDP reflection.
While NTP reflection attacks were still significant, they continued to fall during the third quarter. The represented just five percent of attacks overall, compared to 14 percent in Q1. However, more than half of all attacks greater than 100 Gbps were still NTP reflection attacks, Arbor Networks found. They also accounted for 28 percent of attacks over 10 Gbps, down from 56 percent in the first quarter and 34 percent in the second.
Large volumetric attacks happened more frequently than in the past, with 133 attacks over 100 Gbps so far this year. The average attack size during the quarter was 858.98 Mbps, with a peak attack of 264.6 Gbps. More than 16 percent of all attacks were above 1 Gbps, up from 15.3 percent in the second quarter.
The proportion of events lasting less than 1 hour is gradually increasing, and now stands at 91.2 percent, according to the company. Security firm NSFOCUS reported recently that more than 90 percent of the attacks it detected during the first half of the year were less than 30 minutes.
“The big takeaway this quarter is clear – stay the course: employ a multi-layered approach to DDoS defense to ensure your organization is safeguarded from both complex, stealthy DDoS attacks, and the very large attacks that can quickly saturate Internet connectivity,” according to Arbor Networks’ blog.
More statistics can be found here.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
