Criminals behind distributed denial of service attacks are relying less on traditional botnets and more on techniques capable of launching larger assaults on websites.
Prolexic Technology, which is owned by Akamai, describes the trend toward so-called "reflection and amplification" techniques in its first quarter Global DDoS Attack Report released Thursday. The technique was used in an attack in the quarter that generated peak traffic of more than 200 Gb per second, the largest ever recorded by Prolexic.
Reflection and amplification is not new in DDoS attacks. The attacker's computers use the IP address of the target Web server in making requests over and over again from another server on the Internet. If enough requests are made, then the amount of data sent to the targeted site can take it down.
Typically, attackers generate traffic by making look-up requests to Domain Name System (DNS) servers. However, the latest report found that attackers have started using other commonly used Internet infrastructure services, such as the Character Generator Protocol (CHARGEN) and the Network Time Protocol (NTP).
The services have always been available, so why attackers have suddenly started using them for DDoS assaults is a mystery.
"I really don't know why it (the other services) hasn't been exploited, other than the fact that no one had realized that it's possible," Stuart Scholly, senior vice president and general manager of security at Akamai, said.
Amplification techniques are growing in popularity fast enough that shady websites are providing them as a service.
"These services will essentially do the work for you," Scholly said. "Some of them go under the guise of legitimate stress testing services. But the reality is they're likely not."
The use of reflection and amplification contributed to a 39 percent increase in the average attack bandwidth in the first quarter, compared to the fourth quarter of last year, the report found. Year-to-year, the average size of attacks grew 133 percent.
Amplification techniques were often used to attack a site's infrastructure. In general, infrastructure attacks were up 68 percent from the same quarter a year ago.
More than half of DDoS attacks in the quarter were aimed at the media and entertainment industry.