High-Bandwidth NTP Amplification DDoS Attacks Escalate 371 Percent in the Last 30 days
Prolexic Issues High Alert DDoS Attack Threat Advisory
"During the month of February, we saw the use of NTP amplification attacks surge 371 percent against our client base," said Stuart Scholly, SVP/GM Security, Akamai Technologies. "In fact, the largest attacks we've seen on our network this year have all been NTP amplification attacks."
While NTP amplification attacks have been a threat for many years, a number of new DDoS attack toolkits have made it easier for malicious actors to launch attacks with just a handful of servers. With the current batch of NTP amplification attack toolkits, malicious actors could launch 100 Gbps attacks - or larger - by leveraging just a few vulnerable NTP servers.
A troubling DDoS attack trend
In just one month (February 2014 vs. January 2014):
- The number of NTP amplification attacks increased 371.43 percent
- Average peak DDoS attack bandwidth increased 217.97 percent
- The average peak DDoS attack volume increased 807.48 percent
Unlike the largest attacks of the past two years, the NTP amplification attacks were not focused on any particular sector. Industries targeted by NTP amplification attacks in February included finance, gaming, e-Commerce, Internet and telecom, media, education, software-as-a-service (SaaS) providers and security.
In the Prolexic Security Engineering & Response Team (PLXsert) lab environment, simulated NTP amplification attacks produced amplified responses of 300x or more for attack bandwidth and 50x for attack volume, making this an extremely dangerous attack method.
PLXsert's NTP Amplification Attack threat advisory provides a detailed analysis of the threat, sample payloads, recommended DDoS protection and mitigation techniques, as well as case studies on two NTP amplification attack campaigns directed against Prolexic clients. A complimentary download of the threat advisory is available at www.prolexic.com/ntp-amplification.
Prolexic Threat Advisories
Designed to provide early warnings of new or modified DDoS denial of service attack signatures and scripts, recently observed by PLXsert, each threat advisory contains a detailed description of the type of DDoS attack, a list of attack signatures, and the specific network infrastructure or application that it targets. In addition, Prolexic's DDoS mitigation experts also offer insight into the nature of each type of attack, as well as provide specific warnings as to how the attack will affect businesses and enterprises of different sizes and infrastructures.
About the Prolexic Security Engineering & Response Team (PLXsert)
PLXsert monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment. Through data forensics and post attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with customers. By identifying the sources and associated attributes of individual attacks, PLXsert helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.
Details of Prolexic's DDoS mitigation activities and insights into the latest tactics, types, targets and origins of global DDoS attacks are provided in quarterly reports published by the company. Prolexic's global DDoS attack reports are available at www.prolexic.com/attackreports.
Prolexic, now part of Akamai, is the world's largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world's largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming, energy and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world's first in-the-cloud DDoS mitigation platform, Prolexic is headquartered in Ft. Lauderdale, Florida, and has scrubbing centers located in the Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and protect your business, please visit www.prolexic.com, follow us on LinkedIn, Facebook, Google+, YouTube, and @Prolexic on Twitter.
Akamai[b]® [/b]is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company's solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or http://blogs.akamai.com, and follow @Akamai on Twitter.