CYBER NEWS

New Record: DDoS Attack at 1.7 Tbps Based on the Memcached Flaw

Just last week a record-breaking DDoS attack took place – registered at 1.3 Tbps. The target was GitHub, and the attack was based on a flaw in Memcached servers recently made public. It became evident that cybercriminals can exploit Memcached servers to carry out large-scale DDoS attacks that don’t require a lot of computational resources, according to the researchers.

Related Story: New Largest DDoS Attack at 1.3 Tbps Hits GitHub

New Record-Breaking DDoS Attack Registered

Just few days later, and this record-breaking DDoS is broken once again with an attack at 1.7 Tbps which was detected by Netscout Arbor. The attack targeted a customer of a US-based service provider. Not surprisingly, the DDoS was based on the same memcached reflection/amplification method known from the attack on GitHub.

As pointed out by the research team at Arbor, “the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit”. That it is why it has become crucial to companies to do everything in their power to protect themselves:

Due to the nature of both the memcached service/protocol implementation as well as the prevalence and high bandwidth typically available to memcached reflectors/amplifiers, it is critical that network operators take proactive measures to ensure they are prepared to detect, classify, traceback, and mitigate these attacks, as well as ensure that any memcached installations on their networks and/or networks of their end-customers cannot be exploited as reflectors/amplifiers.

Another critically important step for companies is to start working with DDoS mitigation services that will sufficiently protect against DDoS attacks.

It is highly advisable for network operators to implement source address validation/BCP38/BCP84 in order to prevent their networks, plus the networks of their end-customers from being leveraged in reflection/amplification attacks.

In addition, another step to be considered is that network operators scan their IDC networks, so that abusable memcached installations are identify. This would help for the remediation steps to take place on a timely basis, the researchers conclude.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...