DDoS attacks rise 371% in 30 days
High-alert threat advisory issued on NTP amplification DDoS attacks
There has been a recent surge in NTP-amplification DDoS attacks, according to Prolexic Technologies, a US-based provider of distributed denial of service (DDoS) protection services.
This type of attack is becoming more popular because new, widely available DDoS toolkits make it simple to generate high-bandwidth, high-volume DDoS attacks against online targets.
Mahmoud Samy, area head, Middle East, Pakistan and Afghanistan at Arbor Networks, said: “In 2014, attacks over 100Gbps are becoming commonplace. Beginning in late December 2013, a series of NTP reflection/amplification DDoS attacks was launched against multiple online gaming services, causing widespread outages. The incidents were based around a UDP-based reflection/amplification DDoS attack via the network time protocol (NTP) on UDP port 123.”
According to Samy, most attacks in the Middle East are politically motivated. He said: “It is very common to see hackers bring down websites and deface them with political messages.”
Application-layer attacks have become increasingly common over the past three to four years; they can be effective at very low bandwidths and are the most stealthy. According to Arbor’s Annual Worldwide Infrastructure report, nearly 90% of survey respondents have experienced application-layer attacks. Adding to the complexity is the multi-vector attack, which combines high-volume, application-layer and infrastructure attacks at multiple targets. Additionally, these attacks are often used as a distraction while another is carried out. The top three verticals in the Middle East for cyber attacks are oil & gas, finance and government.
Attacks such as these can be prevented and fixed quite quickly; however, Nicolai Solling, director of technology services at Help AG, pointed out the financial implications of such an attack: “Research has shown that the victim organisation can stand to lose anywhere between $10,000 to $50,000 an hour depending on the nature of the business. This is the cost associated with time taken by the IT department in mitigating the attack and restoring systems, and the consequent loss of productivity. Furthermore, there are overheads associated with marketing, sales and support as staff may have to work extra hours to compensate for the downtime.”
A Trend Micro blog post by Ben April, a senior threat researcher, advises on protection: “Configure your edge-routing devices to only allow incoming packets from an interface if a reply to that packet could reasonably be routed to that interface. Not only does this prevent NTP, chargen and DNS-spoofing attacks from using your network assets to attack others, it prevents all IP spoofing that would cross your network.”
However, Tony Zabeneh, team leader of Sales Engineering at Trend Micro, believes that the Middle East is not vulnerable. While there has been an increase in NTP attacks, the increase has been global, and the Middle East is no more vulnerable or less secure than any other region: “Most organisations here in this region, specifically in the UAE, whether government, private sector, banking or health sector, are all security aware. They are following guidelines and following mandates…they are very aware of the security, very specific and very good at applying best practices.”
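
The edge-router filtering rule quoted from the Trend Micro blog above, modelled as a strict reverse-path check on incoming packets. This is an added example, not code from the article or from Trend Micro; the routing table, interface names and sample packets are constructed and use documentation address ranges.

```python
import ipaddress

# Constructed routing table for a hypothetical edge router:
# prefix -> interface through which that prefix is reached.
ROUTES = {
    "0.0.0.0/0": "uplink0",        # default route to the upstream provider
    "198.51.100.0/24": "cust0",    # customer A
    "203.0.113.0/25": "cust1",     # customer B
    "203.0.113.128/25": "cust2",   # customer C
}
TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES.items()]


def reverse_path_interface(src):
    """Interface a reply to `src` would leave by (longest-prefix match)."""
    addr = ipaddress.ip_address(src)
    matches = [(net.prefixlen, ifc) for net, ifc in TABLE if addr in net]
    return max(matches)[1] if matches else None


def accept(src, in_interface):
    """Strict check: accept only if the route back to the source points
    out of the interface the packet arrived on."""
    return reverse_path_interface(src) == in_interface


def filter_packets(packets):
    """Split (src, dst, in_interface) tuples into (accepted, dropped)."""
    accepted, dropped = [], []
    for pkt in packets:
        (accepted if accept(pkt[0], pkt[2]) else dropped).append(pkt)
    return accepted, dropped


# Constructed sample traffic: (source, destination, arrival interface).
SAMPLE = [
    ("198.51.100.7", "192.0.2.10", "cust0"),    # genuine customer A source
    ("192.0.2.55", "192.0.2.10", "cust0"),      # source not routed via cust0: forged
    ("203.0.113.200", "192.0.2.10", "cust1"),   # customer C address on B's port
    ("192.0.2.10", "198.51.100.7", "uplink0"),  # traffic arriving from upstream
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    for pkt in ok:
        print("accept", pkt)
    for pkt in bad:
        print("drop  ", pkt)
```

The strict form assumes replies leave by the interface requests arrive on; networks with asymmetric routing need a looser variant of the check.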