The theme for DDoS attacks in the first half of 2014 was volume, volume, volume. For the first time ever, our ATLAS® data shows an unparalleled 100+ attacks over 100 GB/sec. And the number of attacks in the 20 GB/sec range is already twice that of what ATLAS monitored in all of 2013.
Arbor’s Security Engineering & Response Team (ASERT) has been researching the recent uptick in Network Time Protocol (NTP) reflection/amplification attacks, dubbing this The Hockey Stick Era. While Q2 NTP amplification attack traffic is down slightly versus Q1, for the first half of this year overall, NTP amplification attack traffic is still very high compared to last year. NTP is a UDP-based protocol used to synchronize clocks over a computer network. NTP is popular due to its high amplification ratio of approximately 1000x and attacks tools are becoming readily available, making these attacks easy to execute.
In short, the overall frequency of very large attacks continues to be an issue, and organizations should take an integrated, multi-layered approach to protection. Even organizations with significant amounts of Internet connectivity are now seeing that capacity exhausted relatively easily by the nature of today’s attacks.
For a deeper dive into DDoS attack statistics from Q2 2014, visit SlideShare to download the findings from the quarter.
And for more on the NTP amplification threat, check out these recent ASERT blog posts on the topic: