
      Feds seize 13 more DDoS-for-hire platforms in ongoing international crackdown

      news.movim.eu / ArsTechnica · Tuesday, 9 May, 2023 - 00:06

    A domain seizure notice from the Justice Department, showing the national seals of several other governments.


    The US Justice Department has seized the domains of 13 DDoS-for-hire services as part of an ongoing initiative for combatting the Internet menace.

    The providers of these illicit services platforms describe them as “booter” or “stressor” services that allow site admins to test the robustness and stability of their infrastructure. Almost all, if not all, are patronized by people out to exact revenge on sites they don’t like or to further extortion, bribes, or other forms of graft.

    The international law enforcement initiative is known as Operation PowerOFF. In December, federal authorities seized another 48 domains. Ten of them returned with new domains, many of which closely resembled their previous names.


      DDoSers are abusing the Plex Media Server to make attacks more potent

      Dan Goodin · news.movim.eu / ArsTechnica · Friday, 5 February, 2021 - 12:47


    Distributed denial-of-service attackers have seized on a new vector for amplifying the junk traffic they lob at targets to take them offline: end users or networks using the Plex Media Server.

    DDoS amplification is a technique that leverages the resources of an intermediary to increase the firepower of attacks. Rather than sending data directly to the server being targeted, machines participating in an attack first send the data to a third party in the form of a request for a certain service. The third party then responds with a much larger payload to the site the attackers want to take down.

    So-called amplification attacks work by sending the third parties requests that are manipulated so they appear to have come from the target. When the third parties respond, the replies go to the target rather than the attacker device that sent the request. One of the most powerful amplifiers used in the past was the memcached database caching system, which can magnify payloads by a factor of 51,000. Other amplifiers include misconfigured DNS servers and the Network Time Protocol, to name only three.


      DDoSers are abusing Microsoft RDP to make attacks more powerful

      Dan Goodin · news.movim.eu / ArsTechnica · Saturday, 23 January, 2021 - 16:23


    DDoS-for-hire services are abusing the Microsoft Remote Desktop Protocol to increase the firepower of distributed denial-of-service attacks that paralyze websites and other online services, a security firm said this week.

    Typically abbreviated as RDP, Remote Desktop Protocol is the underpinning for a Microsoft Windows feature that allows one device to log into another device over the Internet. RDP is mostly used by businesses to save employees the cost or hassle of having to be physically present when accessing a computer.

    As is typical with many authenticated systems, RDP responds to login requests with a much longer sequence of bits that establish a connection between the two parties. So-called booter/stresser services, which for a fee will bombard Internet addresses with enough data to take them offline, have recently embraced RDP as a means to amplify their attacks, security firm Netscout said.


      The controversial social network Parler makes its comeback, against a backdrop of Russian help

      Julien Lausson · news.movim.eu / Numerama · Tuesday, 19 January, 2021 - 09:48

    After Amazon cut off its services, Parler was offline for a time. The controversial social network is now returning to the web. But Russian technical assistance raises questions.


      Two record DDoSes disclosed this week underscore their growing menace

      Dan Goodin · news.movim.eu / ArsTechnica · Thursday, 25 June, 2020 - 17:32 · 1 minute


    Distributed denial-of-service attacks—those floods of junk traffic that criminals use to disrupt or completely take down websites and services—have long been an Internet scourge, with events that regularly cripple news outlets and software repositories and in some cases bring huge parts of the Internet to a standstill for hours. Now there’s evidence that DDoSes, as they’re usually called, are growing more potent with two record-breaking attacks coming to light in the past week.

    DDoS operators hack thousands, hundreds of thousands and in some cases millions of Internet-connected devices and harness their bandwidth and processing power. The attackers use these ill-gotten resources to bombard sites with torrents of data packets with the goal of taking the targets down. More advanced attackers magnify their firepower by bouncing the malicious traffic off of third-party services that in some cases can amplify it by a factor of 51,000, a feat that, at least theoretically, allows a single home computer with a 100 megabit-per-second upload capacity to deliver a once-unimaginable 5 terabits per second of traffic.

    These types of DDoSes are known as volumetric attacks. The objective is to use machines distributed across the Internet to send orders of magnitude more traffic volume to a circuit than it can handle. A second class—known as packet-per-second focused attacks—forces machines to bombard network gear or applications inside the target’s data center with more data packets than they can process. The objective in both types of attacks is the same. With network or processing capacity fully consumed, legitimate users can no longer access the target’s resources, resulting in a denial of service.
