Amplification and reflection distributed denial-of-service (DDoS) attacks are on the rise, according to the Q1 2014 Global DDoS Attack Report by DDoS mitigation services provider Prolexic, which was published Thursday by Akamai Technologies.
The first quarter of 2014 saw a 35 percent increase in Layer 3 and Layer 4 attacks when compared to the final quarter of 2013, and a 68 percent increase when compared to the first quarter of 2013, according to the report.
“Reflection and amplification DDoS attacks generally are Layer 3 and Layer 4 attacks,” John Summers, VP of Security Products with Akamai Technologies, told SCMagazine.com on Friday. “Layer 3 and Layer 4 refer to the networking protocols that are used to send messages between servers over the Internet.”
Those protocols include User Datagram Protocol (UDP), Transmission Control Protocol (TCP), and Network Time Protocol (NTP), as well as others, Summers said, explaining that these attacks essentially involve requesting small packets that return large responses – which “amplifies” the attack.
With amplification and reflection attacks increasing, Layer 7 attacks took a hit, decreasing by 36 percent from the final quarter of 2013 into the first quarter of 2014, according to the report.
“Layer 7 refers to the application layer and the use of the HTTP protocol to launch attacks,” Summers said. “Layer 7 attacks either involve sending a flood of HTTP requests or putting attack code inside an HTTP request to try and steal data or take control of an application server.”
The increasing number and wide availability of easy-to-use amplification and reflection DDoS tools are leading attackers to gravitate toward Layer 3 and Layer 4 attacks, Summers said, adding that a Layer 7 attack is also less attractive because it typically requires greater skill and coordination.
Also in the report, the first quarter of 2014 saw an 18 percent increase in total DDoS attacks, a 39 percent increase in average attack bandwidth, a 114 percent increase in average peak bandwidth, and a 24 percent decrease in average attack duration, when compared to the final quarter of 2013.
“In this recent period the attackers have learned how to use flaws in existing protocols and older versions of those protocols to turn deployed internet infrastructure into attack tools for their own use,” Summers said. “It is essential that the industry conduct a campaign to deny these resources to the attackers.”