Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

SSDP Reflection Attacks Spike in Q3: Arbor Networks

 New research from Arbor Networks reveals a significant jump in Simple Service Discovery Protocol (SSDP) reflection attacks during the third quarter of the year. 

While only a few such attacks occurred during the second quarter of 2014, nearly 30,000 attacks with this source port were uncovered during Q3 alone. One of these attacks reached 124 Gbps.

 New research from Arbor Networks reveals a significant jump in Simple Service Discovery Protocol (SSDP) reflection attacks during the third quarter of the year. 

While only a few such attacks occurred during the second quarter of 2014, nearly 30,000 attacks with this source port were uncovered during Q3 alone. One of these attacks reached 124 Gbps.

“Everyone is aware of the huge storm of NTP reflection DDoS [distributed denial-of-service] attacks in Q1 and early Q2, but although NTP reflection is still significant there isn’t as much going on now as there was – unfortunately, it is looking more and more like SSDP will be the next protocol to be exploited in this way,” explained Arbor Networks Director of Solutions Architects Darren Anstee, in a statement. “Organizations should take heed and ensure that their DDoS defense is multi-layered, and designed to deal with both attacks that can saturate their connectivity, and more stealthy, sophisticated application layer attacks.”

During the month of September, 9 percent of all attacks overall and 42 percent of all attacks greater than 10 Gbps appeared to use SSDP reflection.

While NTP reflection attacks were still significant, they continued to fall during the third quarter. The represented just five percent of attacks overall, compared to 14 percent in Q1. However, more than half of all attacks greater than 100 Gbps were still NTP reflection attacks, Arbor Networks found. They also accounted for 28 percent of attacks over 10 Gbps, down from 56 percent in the first quarter and 34 percent in the second.

Large volumetric attacks happened more frequently than in the past, with 133 attacks over 100 Gbps so far this year. The average attack size during the quarter was 858.98 Mbps, with a peak attack of 264.6 Gbps. More than 16 percent of all attacks were above 1 Gbps, up from 15.3 percent in the second quarter.

The proportion of events lasting less than 1 hour is gradually increasing, and now stands at 91.2 percent, according to the company. Security firm NSFOCUS reported recently that more than 90 percent of the attacks it detected during the first half of the year were less than 30 minutes.

“The big takeaway this quarter is clear – stay the course: employ a multi-layered approach to DDoS defense to ensure your organization is safeguarded from both complex, stealthy DDoS attacks, and the very large attacks that can quickly saturate Internet connectivity,” according to Arbor Networks’ blog.

More statistics can be found here.  

Written By

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.