NSFOCUS DDoS Threat Report Reveals IoT-Connected Devices Contributing to the Rise in SSDP-based Reflection Attacks
April 21, 2015
Report States Online Gaming and Entertainment Sectors Continue to be High on the Target List and Attackers Are Becoming More Sophisticated
SAN FRANCISCO – April 21, 2015 (RSA, Moscone Center, Booth #832) – NSFOCUS released its bi-annual DDoS Threat Report today, revealing new attack findings and rising threats that organizations should be aware of throughout 2015. As the tide of distributed denial-of-service (DDoS) attacks continues to expand, the rise of the Internet of Things (IoT) and the influx of network connected devices, such as webcams and routers, are leading to the growth of Simple Service Discovery Protocol (SSDP)-based amplification attacks. To download the entire report, visit HERE
Results of statistical analysis and key observations are based on data from actual incidents of DDoS attacks that occurred during the second half of 2014. This data was collected from a mix of global enterprises, Internet service providers, regional telecom operators and Internet hosting companies.
- The rise of IoT-connected devices responsible for an increase in SSDP reflection attacks:With the proliferation of the Internet of Things, any network-connected device with a public IP address and vulnerable operating system will increase the number of devices that could be used to launch SSDP–based reflection attacks. This particular type of DDoS attack was seen as the second most dominant threat, after NTP-based attacks, in 2H2014. More than 30 percent of compromised SSDP attack devices were network-connected devices such as home routers and webcams. Findings also revealed that globally, more than 7 million SSDP-controlled devices could potentially be exploited.
- Attackers are becoming smarter:While 90 percent of DDoS attacks lasted less than 30 minutes, one attack lasted 70 hours. This shorter attack strategy is being employed to improve efficiency as well as distract the attention of IT personnel away from the actual intent of an attack: deploy malware and steal data. These techniques indicate that today’s attacker continues to become smarter and more sophisticated.
- Online retailers, media and gaming remain top targets: As retailers, entertainment and gaming companies increasingly employ online environments, consumers demand the highest level of quality of service. By slowing down or flooding these servers, attackers look to take advantage of online businesses through a variety of means, including blackmail, unfair business competition or asset theft.
Yonggang Han, COO of global business, NSFOCUS, said:
“We are watching the evolution of attack technologies that amount to nothing less than ‘bullying’ (flood attacks) and ‘leveraging’ (resource exhaustion) tactics that enhance the impact by exploiting network bandwidth. To counteract these assaults, organizations must look to traffic- cleaning devices in conjunction with other security protocols.”
Visit us at RSA2015, April 20-23 – South Hall, Booth# 832
NSFOCUS is a global provider of distributed denial of service (DDoS) mitigation solutions. Founded in 2000, the company provides enterprise-level, carrier-grade solutions for DDoS mitigation, Web security and enterprise-level network security. With more than a decade of experience in DDoS research and development and mitigation, NSFOCUS has helped customers around the world maintain high levels of Internet security, website uptime and business operations to ensure that their online systems remain available. The NSFOCUS Anti-DDoS System (ADS) empowers customers to find and fend off a variety of incidents, from simple network layer attacks to more sophisticated and potentially damaging application-layer attacks, all while guaranteeing legitimate traffic gets through to networks and corporate-critical systems. For more information, visit www.nsfocus.com.