Internet security experts at Cloudflare say the Internet saw a massive denial-of-service attack that exploited a vulnerability in the Web’s infrastructure, the largest attack of its kind ever recorded, and they warn that this is just the beginning of “ugly things to come.”
The specific target of the attack is as yet unknown, but researchers confirmed it was directed at servers in Europe and exploited flaws in the Network Time Protocol (NTP) to overwhelm servers with huge amounts of data.
NTP is used to synchronize clocks on systems, and the researchers say this new denial-of-service tactic could be used to bring down popular websites or critical platforms such as those for banking or healthcare, as they had predicted just a few months prior to the attack.
“We’d long thought that NTP might become a vector for DDoS attacks because, like DNS, it is a simple UDP-based protocol that can be persuaded to return a large reply to a small request. Unfortunately, that prediction has come true,” wrote Cloudflare’s John Graham-Cumming.
“Unfortunately, the simple UDP-based NTP protocol is prone to amplification attacks because it will reply to a packet with a spoofed source IP address and because at least one of its built in commands will send a long reply to a short request. That makes it ideal as a DDoS tool.”
Why is NTP so vulnerable to exploitation? Because it and other similar protocols were designed early in the Internet’s development, and most of those involved in the process never imagined the magnitude of the Web or the potential for malicious actors to take advantage of such functions.
“A lot of these protocols are essential, but they’re not secure,” said Prof Alan Woodward. “All you can really do is try and mitigate the denial of service attacks. There are technologies around to do it.”
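An added example, not part of the original article: one way an NTP server operator could check their own flow logs for the small-request, large-reply pattern Graham-Cumming describes, which indicates the server is being used as a reflector. The record layout, addresses, byte counts and ratio threshold are constructed assumptions.

```python
from collections import defaultdict

NTP_PORT = 123
RATIO_THRESHOLD = 10.0  # assumed cut-off; ordinary NTP replies are about request-sized

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40001, "192.0.2.10", 123, "udp", 76),   # normal client query
    ("192.0.2.10", 123, "198.51.100.7", 40001, "udp", 76),   # same-sized reply
    ("203.0.113.50", 80, "192.0.2.10", 123, "udp", 60),      # one small request
    ("192.0.2.10", 123, "203.0.113.50", 80, "udp", 4400),    # long reply, part 1
    ("192.0.2.10", 123, "203.0.113.50", 80, "udp", 4400),    # long reply, part 2
    ("198.51.100.9", 51000, "192.0.2.10", 443, "tcp", 900),  # unrelated traffic
]


def find_reflection_suspects(flows, threshold=RATIO_THRESHOLD):
    """Return (server, peer, bytes_in, bytes_out, ratio) for each NTP peer that
    was sent far more data than it appeared to request."""
    totals = defaultdict(lambda: [0, 0])  # (server, peer) -> [bytes_in, bytes_out]
    for src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        # Simplification: flows with port 123 on both ends (server-to-server
        # sync) are skipped because the direction is ambiguous.
        if dport == NTP_PORT and sport != NTP_PORT:
            totals[(dst, src)][0] += size
        elif sport == NTP_PORT and dport != NTP_PORT:
            totals[(src, dst)][1] += size

    suspects = []
    for (server, peer), (bytes_in, bytes_out) in totals.items():
        # max(..., 1) keeps replies with no logged request from dividing by zero.
        ratio = bytes_out / max(bytes_in, 1)
        if ratio >= threshold:
            suspects.append((server, peer, bytes_in, bytes_out, round(ratio, 1)))
    return sorted(suspects, key=lambda s: s[4], reverse=True)


if __name__ == "__main__":
    for server, peer, b_in, b_out, ratio in find_reflection_suspects(SAMPLE_FLOWS):
        print(f"{server} sent {b_out} B to {peer} for {b_in} B requested (x{ratio})")
```

Because the request's source address is spoofed, the flagged peer is the likely victim of the flood rather than its origin.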