DDoS Attackers Change Techniques To Wallop Sites

Criminals behind distributed denial of service attacks are relying less on traditional botnets and more on techniques capable of launching larger assaults on websites.

Prolexic Technology, which is owned by Akamai, describes the trend toward so-called "reflection and amplification" techniques in its first quarter Global DDoS Attack Report released Thursday. The technique was used in an attack in the quarter that generated peak traffic of more than 200 Gb per second, the largest ever recorded by Prolexic.

Reflection and amplification is not new in DDoS attacks. The attacker's computers use the IP address of the target Web server in making requests over and over again from another server on the Internet. If enough requests are made, then the amount of data sent to the targeted site can take it down.

Typically, attackers generate traffic by making look-up requests to Domain Name System (DNS) servers. However, the latest report found that attackers have started using other commonly used Internet infrastructure services, such as the Character Generator Protocol (CHARGEN) and the Network Time Protocol (NTP).

The services have always been available, so why attackers have suddenly started using them for DDoS assaults is a mystery.

"I really don't know why it (the other services) hasn't been exploited, other than the fact that no one had realized that it's possible," Stuart Scholly, senior vice president and general manager of security at Akamai, said.

Amplification techniques are growing in popularity fast enough that shady websites are providing them as a service.

"These services will essentially do the work for you," Scholly said. "Some of them go under the guise of legitimate stress testing services. But the reality is they're likely not."

The use of reflection and amplification contributed to a 39 percent increase in the average attack bandwidth in the first quarter, compared to the fourth quarter of last year, the report found. Year-to-year, the average size of attacks grew 133 percent.

Amplification techniques were often used to attack a site's infrastructure. In general, infrastructure attacks were up 68 percent from the same quarter a year ago.

More than half of DDoS attacks in the quarter were aimed at the media and entertainment industry.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags cybercrimebotnetslegalcyber attacksespionageAkamai TechnologiesDDoS attackProlexic TechnologiesProlexic Technology

More about Akamai TechnologiesTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Antone Gonsalves

Latest Videos

More videos

Blog Posts