The largest DDoS attack so far happened yesterday, registering at 1.3 Tbps. The target was GitHub. The attack was based on a flaw in Memcached servers made public just a few days ago. Apparently, cybercriminals can exploit Memcached servers to carry out large-scale DDoS attacks that don’t require a lot of computational resources, researchers say.
Why is this even possible? Because of the way the server developers implemented support for the UDP protocol.
DDoS Attacks Based on a Flaw in Memcached Servers
The issue within Memcached was recently reported by Akamai, Arbor Networks and Cloudflare. The experts said that they observed an uptick in distributed denial-of-service attacks based on UDP packets amplified by Memcached servers. These servers are typically used to speed up database-driven websites through in-memory caching.
As already said, the flaw is in the UDP protocol implementation of the above-mentioned servers, which amplifies incoming packets by a factor of more than 50,000. The vulnerable port used to amplify and redirect the packets is port 11211, which Memcached servers expose in their default configuration.
Apparently, there are more than 93,000 servers currently online, “awaiting” exploitation for DDoS, as in the case of the attack on GitHub.
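For administrators checking their own hosts, the following added example (not from the original article or the Memcached project) audits memcached command lines for the UDP exposure described above. It assumes UDP stays enabled on port 11211 when `-U` is absent, matching the default the article describes; the function names and sample command lines are constructed.

```python
import ipaddress
import shlex

DEFAULT_UDP_PORT = 11211  # port named in the article; assumed enabled when -U is absent

def _option(args, short, long_):
    """Return the last value given for an option in any spelling, or None."""
    value = None
    for i, arg in enumerate(args):
        if arg in (short, long_) and i + 1 < len(args):
            value = args[i + 1]
        elif arg.startswith(long_ + "="):
            value = arg[len(long_) + 1:]
        elif arg.startswith(short) and len(arg) > 2:
            value = arg[2:]
    return value

def _is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False  # hostnames and host:port forms count as exposed (conservative)

def audit_memcached(cmdline):
    """Return findings for one memcached command line; [] means no UDP exposure."""
    args = shlex.split(cmdline)
    udp = _option(args, "-U", "--udp-port")
    udp_port = DEFAULT_UDP_PORT if udp is None else int(udp)
    if udp_port == 0:
        return []  # UDP listener disabled, nothing to reflect from
    listen = _option(args, "-l", "--listen")
    addrs = listen.split(",") if listen else ["0.0.0.0"]  # no -l: all interfaces
    return [f"UDP {udp_port} reachable on {a}: set -U 0 or bind to loopback"
            for a in map(str.strip, addrs) if not _is_loopback(a)]

# Constructed command lines, as they might appear in `ps` output or a unit file.
SAMPLES = [
    "memcached -u memcache -m 64 -p 11211",
    "memcached -u memcache -m 64 -U 0",
    "memcached -l 127.0.0.1 -m 64",
    "memcached --listen=127.0.0.1,192.0.2.10 --udp-port=11211",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", audit_memcached(line) or "ok")
```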
Luckily, the attack was mitigated almost immediately despite its record-breaking size of 1.3 Tbps. Unfortunately, researchers expect to see more attacks based on the flaw in Memcached servers on a regular basis.
This is not the first time in recent history that Memcached servers have been leveraged in DDoS attacks. Furthermore, the size of the attacks is also expected to grow steadily, and the GitHub record may soon be surpassed.
The previous largest DDoS attack was estimated at 1 Tbps and was aimed at French hosting provider OVH.
OVH is a hosting company that was a victim of the biggest DDoS attack registered in September 2016. The attack surpassed the DDoS on KrebsOnSecurity, which also took place in that timeframe. In this attack, IoT devices and CCTV cameras were leveraged.