Innovation in the DDoS marketplace now offers attackers better tools to maximise damage using fewer resources, according to a new report from Akamai Technologies.
Attackers are now using reflection techniques instead of infection techniques to increase the impact of DDoS attacks, with average peak bandwidth increasing by 114% during the first quarter compared to the fourth quarter of 2013.
Akamai Technologies SVP and general manager of security, Stuart Scholly, said that in Q1, DDoS attackers relied less on traditional botnet infection, favouring reflection and amplification techniques instead.
"Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices," Scholly said.
"We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors."
During the quarter, the security firm observed that there was a 39% increase in average bandwidth, which involved multiple reflection techniques combined with a traditional botnet-based application attack to generate peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second).
The most abused protocols during the period included Character Generator (CHARGEN), Network Time Protocol (NTP) and Domain Name System (DNS).
The protocols, which are all based on the User Datagram Protocol (UDP), were favoured because they help attackers hide their identities.
More than half of the DDoS attack traffic targeted the media and entertainment industry, which was hit by 54% of the malicious packets during the quarter.
Compared to last year, there was also a 47% increase in total DDoS attacks, a 9% decrease in average attack bandwidth, a 68% increase in infrastructure attacks and a 133% spike in average peak bandwidth.