Incident Response, TDR

Report: SSDP reflection attacks spike, and other Q1 2015 DDoS trends

The largest distributed denial-of-service (DDoS) attack ever detected by Arbor Networks systems was observed in the first quarter of this year – a 334Gbps flood against a target in India that lasted six minutes, according to the security company's Q1 2015 DDoS Report.

The finding shows how DDoS attacks will continue to grow in size as overall internet infrastructure increases, Gary Sockrider, solutions architect at Arbor Networks, told in a Tuesday email correspondence.

Arbor Networks noted in the report that 17.7 percent of attacks in the first quarter of this year have been greater than 1Gbps, compared to 16 percent in 2014, and that 25 attacks have been greater than 100Gbps, compared to 159 attacks in 2014.

Specifically, SSDP reflection/amplification DDoS attacks are on the rise. In the first quarter of this year, Arbor Networks observed 126,000 attacks using the vector, compared to 83,000 in the final quarter of the previous year. Arbor Networks observed three attacks using the vector in the first quarter of 2014.

Sockrider could not attribute the spike to anything in specific, but he said that “SSDP infrastructure is vulnerable and the attacks are effective. It is common to see successful techniques repeated over time just as we saw last year with NTP based reflection/amplification attacks.”

Also shown in the report is how highly targeted the U.S. is, which Sockrider attributed to economic and political reasons, as well as the advanced state of the country's internet infrastructure.

Arbor Networks observed 16 percent of overall attacks in the first quarter of 2015 targeting the U.S. and China, and eight percent targeting France. Additionally, 13 percent of attacks greater than 10Gbps targeted the U.S. in the first quarter of this year, with 18 percent having targeted France and eight percent having targeted Denmark.

“As the size and frequency of attacks continue to grow, organizations need to be prepared for the inevitable more than ever,” Sockrider said. “DDoS is no longer someone else's problem. Every organization conducting business over the internet should have a plan and solution in place to deal with these attacks.”

Sockrider said that the best defense involves an on-premise and real-time DDoS mitigation to see and stop application layer attacks, and an integrated cloud-based mitigation solution to stop large scale packet floods.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.