The largest ever DDoS attack, measuring 334Gbps of unwanted traffic, has been recorded at a data centre belonging to an Asian network operator in the first quarter of this year, according to the latest report from DDoS mitigation experts Arbor Networks.
The cyberattack was described as the biggest DDoS hack processed by the firm’s Atlas threat intelligence system, which monitors around a third of all internet traffic from its 330 clients, including telecom groups and internet service providers.
In the first quarter of 2015, Arbor reported 25 global attacks greater in size than 100Gbps, most of which targeted vulnerabilities in Network Time Server (NTP), Simple Service Discovery Protocol (SSDP) and DNS server deployments.
Arbor noted that SSDP seemed to be a significant attack vector over the past year, with the frequency of cyberattacks conducted via SSDP reflection amplification rising from three in the first quarter of 2014 to 83,000 in the fourth quarter, and to 126,000 currently – the biggest of which measured 137.88Gbps.
Reflection amplification is a hacking technique which allows cyberattackers to broaden the amount of traffic generated keep the source address hidden. The trick involves targeting weaknesses in poorly secured devices connected to the internet providing UDP services. By communicating a false request using a forged source IP address produces a response much greater in size than the original request which then overpowers any legitimate requests.
This is often enabled as service providers do not place adequate filters at the edge of their network to stop unwanted traffic with dodgy IP addresses.
“Attacks that are significantly above the 200Gbps level can be extremely dangerous for network operators and can cause collateral damage across service provider, cloud hosting and enterprise networks,” said Arbor director of solutions architects, Darren Anstee.
Anstee added that “DDoS attacks continue to evolve. Not only have volumetric attacks grown significantly in size and frequency over the past 18 months, application-layer attackers are also still pervasive.”