Distributed denial-of-service (DDOS) attacks that abuse Network Time Protocol (NTP) servers for amplification are becoming more and more common. In fact, Akamai subsidiary Prolexic warned that in February, it detected a 371% increase in the number of such attacks.
“During the month of February, we saw the use of NTP amplification attacks surge 371 percent against our client base. In fact, the largest attacks we’ve seen on our network this year have all been NTP amplification attacks,” revealed Stuart Scholly, SVP/GM Security, Akamai Technologies.
Experts highlight the fact that NTP amplification attacks are becoming more and more popular because cybercriminals can send 100 Gbps or even more to a certain server by abusing just a few vulnerable servers.
NTP amplification attacks haven’t targeted just a single sector. Instead, companies from industries like finance, e-commerce, gaming, telecom, media, education, security and SaaS providers have been targeted.
Simulations made by Prolexic have shown that these attacks produce responses amplified 300 times when it comes to bandwidth and 50 times for volume.
Statistics show that compared to January, in February, the average peak DDOS attack bandwidth increased by 217%, while the average peak volume increased by a whopping 807%.
In a recent interview we had with Marc Gaffan, co-founder of Incapsula, he noted that DNS amplification attacks are still the most common. However, at this rate, the situation could change very soon.
The complete report from Prolexic on NTP amplification attacks is available on the company’s website (registration required).