Over one-third of data centers at some point during the year ended up cut off by the largest distributed denial-of-service (DDoS) attack that tripled the previous record for bandwidth, a new report said.
The largest distributed denial-of-service attacks jumped in size in 2013, with the most intense topping 300G bps, triple the bandwidth of the previous largest attack, according to Arbor Networks’ annual security report.
The dramatic increase in bandwidth was the result of attackers adopting reflection techniques, which use vulnerable servers to turn relatively small data packets into much larger digital floods that focus on a particular victim’s network, said Gary Sockrider, solutions architect for the Americas at Arbor Network.
The most common form of a reflection attack, also known as an amplification attack, is to send a request to a vulnerable domain name service (DNS) server with a spoofed source address. The result is attacks ranging in size from tens of gigabits per second to hundreds of gigabits per second, which amounts to an attack on the Internet infrastructure, he said.
“The only people that have pipes that big are the carriers themselves, and therefore these are attacks on their infrastructure,” Sockrider said.
The end of last year saw attackers using another type of reflection to amplify their denial-of-service attacks. Rather than use the DNS protocol, attackers used a service in older versions of the network time protocol, or NTP. Such attacks temporarily caused disruption on a number of online computer game networks.
Yet NTP packets are typically easy to block, while DNS traffic requires a more thoughtful response, Sockrider said.
“DNS is an absolutely critical infrastructure for the Internet, and it’s vulnerable to being used in reflection attacks, and there are 27 million open resolvers (vulnerable DNS servers) out there,” he said.
Not only did the volume of the largest attacks increase, but the rate at which companies ended up targeted increased as well. In 2013, the number of attacks exceeding 20G bps increased by a factor of 8, compared to the previous year, according to Arbor’s data.
Attackers did not just rely on swamping Internet-connected servers and networks with large volumes of data which are “volumetric attacks.” They also used application-layer attacks to bring down services by specifically targeting Web servers, databases and routers with requests that taxed processors and memory, slowing down the device and applications to a standstill. These application-layer attacks also increased in 2013, but not at the same frenetic pace as volumetric attacks, Sockrider said.
Almost one-quarter of all attacks attempted to create a denial-of-service condition by targeting applications, according to Arbor’s report.
Most of the attacks — 54 percent — used encrypted HTTP as a way to get past firewalls and intrusion detection systems, up from 37 percent in 2012 and 24 percent in 2011.
“Using HTTPS is primarily for obfuscation, to get past traditional security appliances,” Sockrider said.
Political and ideological hacktivism topped attackers’ reasons for targeting specific victims. About 40 percent of attackers claimed an attack was for a political or ideological purpose, while one-third of attacks related to online gaming.
Click here to register for the security report.