News Feature | August 19, 2014

Cyberattackers Revert To Old Methods: Rate Of SYN Flood Attacks Increases

By Trisha Leon, contributing writer

SYN Flood Attacks Increases

Black Lotus, a provider of distributed denial of service (DDoS) protection, has issued a warning that despite a significant drop in network time protocol distributed reflection denial-of-service (NTP DrDoS) attacks in 2014, traditional, tried-and-true multi-vector attacks against servers and websites have resurfaced as the most frequent, severe threat to enterprises and service providers. You should make sure you are protecting your clients against SYN flood attacks, which, although smaller in size, are highly effective and difficult to stop without purpose-built commercial denial of service (DDoS) mitigation hardware or services.

Black Lotus compiles its quarterly threat reports by drawing on the latest attack data from its network logs and analyzing the results for trends in attack size, duration, method, source and other characteristics. The report’s findings show that:

  • The largest DDoS attack observed during the report period was on May 20. It was 59 Gbps and 29 millions of packets per second (Mpps), a sharp decline in volume due to NTP and other variants of amplification attacks becoming more difficult to execute after enterprises patched their systems.
  • Of the 276,447 observed attacks, Black Lotus regarded 46,936 (17 percent) of them as severe, characterized by extreme traffic levels compared to the target’s typical traffic baseline.
  • The average attack during the period reported was 2.9 Gbps and 1.4 Mpps, consistent with the previous quarter, indicating that networks must maintain a DDoS mitigation defense capable of at least 5 Gbps to safely defend against the majority of attacks.
  • During the reporting period, 70.3 percent of severe attacks targeted servers and applications, most commonly HTTP servers and domain name services (DNS). Attacks on either application can result in site outages and are difficult to mitigate without professional assistance.

“Since patched systems now make it easier to combat NTP threats, recent attacks have drastically decreased in volume when malicious users were unable to use a sufficient quantity of vulnerable systems in amplification,” said Jeffrey Lyon, co-founder of Black Lotus, adding, “however, enterprises should evaluate their protection against multi-vector attacks, since attackers can use SYN floods and application layer attacks to inundate networks, cause outages or disable serving content to legitimate users even without generating large bit volumes of traffic.”