Cloudflare announced that it was hit by a massive Distributed Denial of Service (DDoS) attack on Monday. The hackers reportedly found a weakness in the Network Time Protocol (NTP), which is used to synchronize computer clocks, and poured huge amounts of data into the servers.
Hackers use DDoS attacks to flood popular servers with so much data that they can't process it, leading to a complete shutdown of the server. In recent months, Internet security experts, including Cloudflare, warned that NTP could be used maliciously by hackers in DDoS attacks.
Although the target is unknown, Cloudflare believes that servers in Europe were the ones under attack. Cloudflare's CEO Matthew Prince said that his company recorded the attack and discovered that at one point it reached 400 Gbps. Prince took to Twitter to announce the attack.
"Very big NTP reflection attack hitting us right now. Appears to be bigger than the #Spamhaus attack from last year," Prince tweeted on Monday.
After realizing just how huge the attack was, Prince posted a second tweet warning that this attack is just the beginning and more nefarious attacks will be on the horizon.
"Someone's got a big, new cannon," Prince tweeted. "Start of ugly things to come."
Security experts around the world warned that NTP could be exploited for exactly this purpose, and many advised companies to prepare their defenses for this kind of attack. Cloudflare was one of the most vocal about the problem. Three months ago, Cloudflare published a report warning its clients and others that NTP would soon be targeted.
Although an NTP server receives only a small amount of data, it can send a far larger amount back out, so whatever goes in is multiplied on the way out. This is what is known as an amplification attack.
"Amplification attacks like that result in an attacker turning a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting a victim from around the Internet," Cloudflare wrote in a blog post last month.
Unfortunately, NTP is an essential part of the Internet's infrastructure, so it's not going anywhere soon. Companies can really only hope to protect themselves against the onslaught of new attacks. Network operators must put firewalls in place against external requests in order to block the incoming malicious data that would flood their servers.
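For operators who want to know which of their own NTP servers need that firewalling, the imbalance described above (little data in, a lot of data out) can be measured from flow records. The following is an added example, not code from Cloudflare or from the original article; the flow tuple layout, the 10.0.0.0/8 local network, the thresholds and the function name are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

NTP_PORT = 123  # UDP port assigned to NTP

# Constructed flow records, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, total_bytes)
SAMPLE_FLOWS = [
    ("192.0.2.10", 51000, "10.0.0.5", 123, 90),     # ordinary external query
    ("10.0.0.5", 123, "192.0.2.10", 51000, 90),     # same-sized reply
    ("198.51.100.7", 80, "10.0.0.5", 123, 600),     # small requests in ...
    ("10.0.0.5", 123, "198.51.100.7", 80, 120000),  # ... huge replies out
    ("10.0.0.8", 44000, "203.0.113.1", 123, 90),    # local host acting as a client
    ("203.0.113.1", 123, "10.0.0.8", 44000, 90),
]


def find_reflectors(flows, local_net, min_ratio=10.0, min_bytes_out=10_000):
    """Return (server, peer, bytes_in, bytes_out, ratio) for each local NTP
    server that sent far more to an external address than it received from it."""
    net = ipaddress.ip_network(local_net)

    def is_local(ip):
        return ipaddress.ip_address(ip) in net

    bytes_in = defaultdict(int)   # (server, peer) -> request bytes received
    bytes_out = defaultdict(int)  # (server, peer) -> response bytes sent
    for src, sport, dst, dport, size in flows:
        if dport == NTP_PORT and is_local(dst) and not is_local(src):
            bytes_in[(dst, src)] += size
        elif sport == NTP_PORT and is_local(src) and not is_local(dst):
            bytes_out[(src, dst)] += size

    findings = []
    for (server, peer), sent in bytes_out.items():
        received = bytes_in.get((server, peer), 0)
        ratio = sent / max(received, 1)  # no request seen: treat as 1 byte
        if sent >= min_bytes_out and ratio >= min_ratio:
            findings.append((server, peer, received, sent, ratio))
    return sorted(findings, key=lambda f: f[4], reverse=True)


if __name__ == "__main__":
    for server, peer, rx, tx, ratio in find_reflectors(SAMPLE_FLOWS, "10.0.0.0/8"):
        print(f"{server} sent {tx} B to {peer} after receiving {rx} B ({ratio:.0f}x)")
```

A server that shows up in the output is answering external requests with far more data than it was sent, which makes it a candidate for the firewall rule described above.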
Luckily, Cloudflare was able to hold off the most massive DDoS attack in history, but the company knows that hackers will only get more creative now that they've found a weakness, so we could be in for some very serious attacks in the future.