Records are meant to be broken, but we didn't wish this record to be broken. It was broken, and broken by a mile. A week ago, the global code repository GitHub suffered the world's biggest recorded DDoS attack, at 1.35Tbps. It was thought to be a mind-boggling number. Imagine sending junk data packets at 1.35Tb per second from tens of thousands of bots. But it took the cybercriminals only four days to break this 1.35Tbps barrier with a new 1.7Tbps attack.
Arbor Networks, which provides DDoS protection services, recorded the attack against an unnamed entity it identified only as a "US-based service provider". Arbor Networks said that the attackers mounted a whopping 1.7Tbps attack, which could be called the worst of its kind. Luckily for the unnamed entity, it had employed anti-DDoS measures and survived the attack without any outage.
According to Arbor Networks, the cybercriminals mounted this huge DDoS attack by exploiting a service called Memcached. The details of such Memcached servers are publicly available online, making it easier for the attackers to mount such a huge attack.
Memcached servers are dedicated to storing cached pages and can be used by rogue elements to amplify DDoS attacks. Such servers rarely have top-of-the-line security and are easy to find and abuse. According to research, there are more than 90,000 misconfigured Memcached servers available for hackers to exploit.
The attack is carried out by spoofing the target's IP address and sending a small crafted UDP request to a Memcached server on port 11211. The server returns around 51,000 times more UDP data to the victim's real machine, thus amplifying the attack.
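The reflection pattern described above can be spotted from the defender's side in flow telemetry: a Memcached host sending far more bytes towards a peer than that peer ever sent to it, or reply traffic from UDP source port 11211 with no matching request at all (the view a victim's network edge gets, because the requests came from a spoofed source). The following Python script is an added example, not code from the article or from Arbor Networks; the flow records, the addresses and the ratio and volume thresholds are all constructed assumptions.

```python
"""Detection of Memcached (UDP/11211) amplification in flow records.

Constructed example (not code from the original article or from Arbor
Networks): the flow records below are made up for illustration, and the
thresholds are assumptions a defender would tune for their own network.
"""
from collections import defaultdict

MEMCACHED_UDP_PORT = 11211

# Constructed NetFlow-style records: proto, source/destination IP and port,
# packet and byte counts. Addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    # Small request arriving at a reflector, carrying the victim's address as source.
    {"proto": "udp", "src_ip": "203.0.113.10", "src_port": 40000,
     "dst_ip": "198.51.100.5", "dst_port": 11211, "packets": 3, "bytes": 45},
    # Huge reply from the reflector towards the victim.
    {"proto": "udp", "src_ip": "198.51.100.5", "src_port": 11211,
     "dst_ip": "203.0.113.10", "dst_port": 40000, "packets": 1200, "bytes": 1_500_000},
    # Legitimate cache traffic between an app server and the same Memcached host.
    {"proto": "udp", "src_ip": "10.0.0.9", "src_port": 51000,
     "dst_ip": "198.51.100.5", "dst_port": 11211, "packets": 10, "bytes": 200},
    {"proto": "udp", "src_ip": "198.51.100.5", "src_port": 11211,
     "dst_ip": "10.0.0.9", "dst_port": 51000, "packets": 12, "bytes": 4000},
    # Unrelated HTTPS traffic that must not be flagged.
    {"proto": "tcp", "src_ip": "192.0.2.7", "src_port": 443,
     "dst_ip": "203.0.113.10", "dst_port": 55000, "packets": 500, "bytes": 600_000},
]


def amplification_ratios(flows):
    """Aggregate UDP/11211 traffic per (memcached_host, peer) pair.

    Returns {(memcached_host, peer): (bytes_from_memcached, bytes_to_memcached)}.
    """
    to_memcached = defaultdict(int)
    from_memcached = defaultdict(int)
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["dst_port"] == MEMCACHED_UDP_PORT:
            to_memcached[(f["dst_ip"], f["src_ip"])] += f["bytes"]
        elif f["src_port"] == MEMCACHED_UDP_PORT:
            from_memcached[(f["src_ip"], f["dst_ip"])] += f["bytes"]
    return {pair: (out_b, to_memcached.get(pair, 0))
            for pair, out_b in from_memcached.items()}


def flag_amplification(flows, min_ratio=100.0, min_bytes=100_000):
    """Return alerts for pairs whose reply volume looks like reflection.

    A pair is flagged when the memcached host sent at least min_bytes and
    either no request traffic was seen (only the reply side is visible, as
    at a victim's edge) or replies exceed requests by min_ratio. Both
    thresholds are assumed values, not figures from the article.
    """
    alerts = []
    for (host, peer), (out_b, in_b) in amplification_ratios(flows).items():
        if out_b < min_bytes:
            continue
        ratio = out_b / in_b if in_b else None  # None: request side not observed
        if ratio is None or ratio >= min_ratio:
            alerts.append({"memcached_host": host, "victim": peer,
                           "bytes_out": out_b, "bytes_in": in_b, "ratio": ratio})
    return alerts


if __name__ == "__main__":
    for alert in flag_amplification(SAMPLE_FLOWS):
        print(alert)
```

The legitimate app-server exchange is kept out of the alerts by the volume floor rather than the ratio alone, since a real cache reply is also much bigger than its request; what distinguishes reflection is the combination of bulk and a peer that never asked for it.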
The use of Memcached servers for DDoS attacks is not new. The first such DDoS attack was discovered by security researchers last year, but nothing has been done about it. Companies rarely pay attention to backend storage operations, so the threat vector has not been realistically reduced.
To protect such Memcached servers, companies need to run them behind a firewall that blocks UDP traffic on port 11211. Firewalls cost money, and backend storage servers are seen as a dead investment by tech companies, which leaves these servers open to being used for mounting ever larger DDoS attacks.
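A cheap complement to the firewall rule above is to make sure the Memcached service itself is not reachable over UDP from the Internet. The following Python audit is an added example, not code from the article or from the memcached project; it parses the Debian-style memcached.conf layout (one option per line, `#` comments) and checks the `-U` and `-l` options, which memcached uses for the UDP port (`-U 0` turns UDP off) and the listen address. The sample configurations, the list of "internal" address ranges and the documentation address standing in for a public one are constructed assumptions.

```python
"""Audit a memcached configuration for DDoS-reflection exposure.

Added example, not code from the article or from the memcached project.
It reads the Debian-style /etc/memcached.conf format (one option per line,
'#' comments) and checks the two settings that matter for reflection:
-U (UDP port; -U 0 disables UDP) and -l (listen address). The sample
configurations and the internal-range list are constructed.
"""
import ipaddress
import shlex

# Assumed set of "internal" ranges: loopback, RFC 1918, link-local, IPv6 ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def parse_memcached_conf(text):
    """Return [(option, value_or_None)] for each non-comment, non-empty line."""
    options = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)
        options.append((parts[0], parts[1] if len(parts) > 1 else None))
    return options


def _is_internal(addr):
    """True when addr is an IP inside INTERNAL_NETS; hostnames count as not provably internal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def audit_memcached_conf(text):
    """Return a list of findings; an empty list means no reflection exposure found."""
    findings = []
    options = parse_memcached_conf(text)
    udp_values = [v for flag, v in options if flag == "-U"]
    listen_values = [v for flag, v in options if flag == "-l"]

    # UDP: only an explicit "-U 0" is treated as safe. Older memcached builds
    # default to UDP on 11211, so a missing -U is reported (conservative choice).
    if not udp_values:
        findings.append("UDP not explicitly disabled: add '-U 0'")
    elif udp_values[-1] != "0":
        findings.append(f"UDP enabled on port {udp_values[-1]}: set '-U 0'")

    # Listen address: a missing -l binds every interface, and a public address
    # makes the instance reachable from the Internet.
    if not listen_values:
        findings.append("no -l option: memcached binds all interfaces; "
                        "use '-l 127.0.0.1' or an internal address")
    else:
        for value in listen_values:
            for addr in value.split(","):  # memcached accepts comma-separated addresses
                addr = addr.strip()
                if not _is_internal(addr):
                    findings.append(f"listens on non-internal address {addr}")
    return findings


# Constructed sample configurations in the Debian memcached.conf layout.
EXPOSED_CONF = """\
-d
logfile /var/log/memcached.log
-m 64
-p 11211
-u memcache
"""

HARDENED_CONF = """\
-d
-m 64
-p 11211
-U 0
-l 127.0.0.1
-u memcache
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_memcached_conf(conf) or ["OK"])
```

A finding-free result means UDP is explicitly off and the daemon binds only internal addresses; the fix for a flagged host is `-U 0` plus a private `-l` value, alongside the UDP port 11211 block at the network edge, so that a single misconfigured instance cannot be turned into a reflector.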