As the security industry has got wise to the use of the Network Time Protocol vulnerability to create DrDoS (Distributed reflected Denial of Service) attacks, traffic levels from these attacks have dropped by 86 per cent.
However, traditional multi-vector attacks against servers and websites have seen their traffic increase by 140 per cent. Attacks using TCP SYN packets and HTTP GET requests are now the most frequent and severe threats to enterprises and service providers. This is according to a threat report for the second quarter of 2014 from attack protection specialist Black Lotus.
The report, which looks at DDoS attack data gathered between April 1st and June 30th, 2014, shows that Black Lotus customers experienced a 40 per cent drop in the total volume of attacks, and attacks characterised as severe (that is, those having high traffic levels) decreased by 15 per cent. These changes can be put down to attackers resorting to more complex attacks, such as SYN floods and application layer attacks, instead of amplification attacks.
"Since patched systems now make it easier to combat NTP threats, recent attacks have drastically decreased in volume when malicious users were unable to use a sufficient quantity of vulnerable systems in amplification," says Jeffrey Lyon, co-founder of Black Lotus. "However, enterprises should evaluate their protection against multi-vector attacks, since attackers can use SYN floods and application layer attacks to inundate networks, cause outages or disable serving content to legitimate users even without generating large bit volumes of traffic".
Of the 276,447 observed attacks, Black Lotus regarded 46,936 (17 per cent) of them as severe, most commonly targeting HTTP and domain name servers.
The largest DDoS attack observed during the report period was on May 20th and involved 59 Gbps and 29 million packets per second (Mpps). The average attack was 2.9 Gbps and 1.4 Mpps.
You can find out more and get a copy of the full report on the Black Lotus website.