1 week ago

Over 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days


Memcached reflections which recently fueled two most largest amplification DDoS attacks from the history have also helped various other cybercriminals launch nearly 15,000 cyber attacks against 7,131 unique targets in last ten days, a brand-new report revealed.

Chinese Qihoo 360’s Netlab, whose global DDoS monitoring service ‘DDosMon’ initially spotted the Memcached-based DDoS attacks, has published a blog post detailing some brand-new statistics about the victims as well as sources of these attacks.

The list of famous online services as well as websites which were hit by massive DDoS attacks since 24th February includes Google, Amazon, QQ.com, 360.com, PlayStation, OVH Hosting, VirusTotal, Comodo, GitHub (1.35 Tbps attack), Royal Bank, Minecraft as well as RockStar games, Avast, Kaspersky, PornHub, Epoch Times newspaper, as well as Pinterest.

Overall, the victims are mainly based from the United States, China, Hong Kong, South Korea, Brazil, France, Germany, the United Kingdom, Canada, as well as the Netherlands.

Memcached DDoS Attacks

According to Netlab researchers, the frequency of attacks since 24th February has increased dramatically, as listed below:

  • Before 24th February, the day when Memcached-based DDoS attacks were first spotted, the daily average was less than 50 attacks.
  • Between 24th as well as 28th February, when Memcached as a brand-new amplification attack vector was not publicly disclosed as well as known to a smaller group of people, the attacks raised to an average of 372 attacks per day.
  • Soon after the first public report came on 27th February, between 1st as well as 8th March, the total number of attacks jumped to 13,027, with an average of 1,628 DDoS attack events per day.

Netlab’s 360 0kee team initially discovered the Memcached vulnerability in June 2017 as well as disclosed (presentation) which in November 2017 at a conference, nevertheless its researchers have hardly seen any Memcache DDoS attacks since then.

The maximum number of active vulnerable Memcached servers at a time which participated from the DRDoS attacks was 20,612.

I don’t want to exaggerate which nevertheless expect hundreds of thousands of Memcached-based DDoS attacks in coming days, as hackers as well as researchers have right now released multiple easy-to-execute exploits which could allow anyone to launch Memcached amplification attacks.

However, researchers have also discovered a ‘kill-switch’ technique which could help victims mitigate Memcached DDoS attacks efficiently.

Despite multiple warnings, over 12,000 vulnerable Memcached servers with UDP support enabled are still exposed on the Internet, which could fuel more cyber attacks.

Therefore, server administrators are strongly advised to install the latest Memcached 1.5.6 type which disables UDP protocol by default to prevent amplification/reflection DDoS attacks.

Article Categories:
Security Hacks

Leave a Comment

Your email address will not be published. Required fields are marked *

3 + 4 =