“During the month of February, we saw the use of NTP amplification attacks surge 371 percent against our client base,” said Stuart Scholly, SVP/GM Security, Akamai Technologies. “In fact, the largest attacks we’ve seen on our network this year have all been NTP amplification attacks.”
While NTP amplification attacks have been a threat for many years, a number of new DDoS attack toolkits have made it easier for malicious actors to launch attacks with just a handful of servers. With the current batch of NTP amplification attack toolkits, malicious actors could launch 100 Gbps attacks – or larger – by leveraging just a few vulnerable NTP servers.
In just one month (February 2014 vs. January 2014):
- The number of NTP amplification attacks increased 371.43 percent
- Average peak DDoS attack bandwidth increased 217.97 percent
- The average peak DDoS attack volume increased 807.48 percent.
In the Prolexic Security Engineering & Response Team lab environment, simulated NTP amplification attacks produced amplified responses of 300x or more for attack bandwidth and 50x for attack volume, making this an extremely dangerous attack method.