DDoS hackers move to new protocol in Q3

Reflected distributed denial of service (DDoS) attacks are increasingly using the Simple Service Discovery Protocol (SSDP), according to the security firm Arbor Networks.

Hackers attempting to create a reflected attack use forged requests and IP address spoofing to trick numerous machines into flooding a target system with traffic.

30,000 attacks using SSDP were observed in the past quarter by Arbor, in what the firm expects to be an emerging trend capable of attaining attack speeds of 124Gbps.

Darren Anstee, director of solutions architects at Arbor, said: "Everyone is aware of the huge storm of NTP [network time protocol] reflection DDoS attacks in Q1 and early Q2, but although NTP reflection is still significant there isn’t as much going on now as there was – unfortunately, it is looking more and more like SSDP will be the next protocol to be exploited in this way.

"Organisations should take heed and ensure that their DDoS defence is multi-layered, and designed to deal with both attacks that can saturate their connectivity, and more stealthy, sophisticated application layer attacks."

NTP attacks are still a significant threat to firms, but are in decline despite accounting for about half of attacks operating at speeds greater than 100Gbps, 133 of which 133 been spotted this year.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing