News broke that cybercriminals who are directing junk traffic at targets have recently started using an “obscure” trick to supercharge puny bandwidth attacks.
Distributed denial of service (DDoS) attackers are abusing “memcached” or memory caching servers to massively amplify attacks on victims. Memcache systems are used by websites for caching memory to optimize performance of sites that rely on external databases. Ashley Stephenson, CEO at Corero Network Security commented below.
Ashley Stephenson, CEO at Corero Network Security:
“Time to add “memcached” to the list of useful Internet services that can be turned upon themselves to attack rather than serve.
“This free utility has provided more than a decade of useful service helping websites, blogs and databases run faster but is now being leveraged by malicious actors to launch supercharged DDoS attacks. Like several recent DDoS amplification vectors such as the CLDAP exploit first reported by Corero in 2017, memcached is vulnerable to UDP exploits due to an unnecessarily permissive wide-open default access policy allowing it to serve all requestors without prejudice. However, Corero has already seen operators begin to secure their memcached services rendering them useless to attackers. The Corero Smartwall Threat Defense System provides zero-day protection against DDoS attacks using the memcached amplification vector as well as providing operators with the ability to activate defensive blocking rules to prevent exploitation of memcached resources in their networks. Overall, memcached is expected to top the DDoS charts for a relatively short period of time. Ironically, as we have seen before, the more attackers who try to leverage this vector the weaker the resulting DDoS attacks as the total bandwidth of vulnerable servers is fixed and is shared across the victims. If a single attack could reach 200G, then with only 10 bad actors worldwide trying to use this vector at the same time they may only get 20G each. If there are hundreds of potential bad actors jumping on the memcached bandwagon this once mighty resource could end up delivering just a trickle of an attack to each intended victim.”
