Just last week a record-breaking DDoS attack took place – registered at 1.3 Tbps. The target was GitHub, and the attack was based on a flaw in Memcached servers recently made public. It became evident that cybercriminals can exploit Memcached servers to carry out large-scale DDoS attacks that don’t require a lot of computational resources, according to the researchers.
New Record-Breaking DDoS Attack Registered
Just few days later, and this record-breaking DDoS is broken once again with an attack at 1.7 Tbps which was detected by Netscout Arbor. The attack targeted a customer of a US-based service provider. Not surprisingly, the DDoS was based on the same memcached reflection/amplification method known from the attack on GitHub.
As pointed out by the research team at Arbor, “the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit”. That it is why it has become crucial to companies to do everything in their power to protect themselves:
Due to the nature of both the memcached service/protocol implementation as well as the prevalence and high bandwidth typically available to memcached reflectors/amplifiers, it is critical that network operators take proactive measures to ensure they are prepared to detect, classify, traceback, and mitigate these attacks, as well as ensure that any memcached installations on their networks and/or networks of their end-customers cannot be exploited as reflectors/amplifiers.
Another critically important step for companies is to start working with DDoS mitigation services that will sufficiently protect against DDoS attacks.
It is highly advisable for network operators to implement source address validation/BCP38/BCP84 in order to prevent their networks, plus the networks of their end-customers from being leveraged in reflection/amplification attacks.
In addition, another step to be considered is that network operators scan their IDC networks, so that abusable memcached installations are identify. This would help for the remediation steps to take place on a timely basis, the researchers conclude.