
NTP DrDoS down in Q2, multi-vector attacks up, study finds

Peak bit volume of Network Time Protocol (NTP) distributed reflection denial-of-service (DrDoS) amplification attacks dropped by 86 percent in the second quarter of 2014 while multi-vector attacks against websites and servers, such as TCP SYN and HTTP GET, once again became the top threat, according to a report from Black Lotus.

The “Q2 2014 Threat Report” attributed the quarter-over-quarter decline in DrDoS amplified assaults to info security professionals patching vulnerabilities and upgrading the systems associated with NTP. 

The Q2 findings showed that TCP SYN and HTTP GET attacks rose 140 percent, prompting Black Lotus to warn organizations to take steps to guard against smaller-sized but extremely effective SYN flood attacks, which are difficult to stop.

The security company's report analyzed distributed denial-of-service (DDoS) attacks afflicting its customers between April 1 and June 30 of this year. The volume of total attacks dropped by 40 percent and those pegged as severe declined 15 percent, likely a result of attackers switching to SYN floods and application layer attacks.

Researchers at Black Lotus observed the largest DDoS attack, at 50 Gbps and 29 million packets per second (Mpps), on May 20, a sharp drop after system patches made amplification attacks more difficult.

All in all, the company found 276,447 attacks with 46,936 ranking as severe.  

The average attack size was 2.9 Gbps and 1.4 Mpps. In the second quarter, 70.3 of the attacks were aimed at servers and applications.
