Distributed denial-of-service (DDoS) attacks have been ramping up these past few weeks. Reports released at the end of February noted an increasing number of memcached server attacks, which don’t require massive resources and huge botnets like the ones used for the DDoS attacks that made headlines in 2016. Only a few days later, software development platform GitHub was hit with the biggest DDoS attack to date. The site has been targeted before, though never on the scale of this recent attack. Records show that the attack was a massive 1.35 Tbps, which topped the previous record of 1.2 Tbps that hit Dyn in 2016.
Current DDoS attackers use a more efficient method
In late 2017, a research team published a comprehensive report on memcached servers, pointing out the possible dangers of this attack vector. These servers are database-caching systems that are mainly used to speed up networks and websites. Some of the servers are exposed on the public internet, though they were never meant to be, and anyone can query them and get a response. The response a memcached server gives to a query is much larger than the query itself; these servers can amplify requests by over 50,000 times. Attackers take advantage of this by spoofing the IP address of the intended victim and sending queries to multiple memcached servers, which then send their much larger responses to the spoofed address. The result is a huge amount of malicious traffic directed at the victim’s site, which often can’t handle the barrage. Amplification attacks are not a new phenomenon; cybercriminals have been using this method since 2013.
Unlike most of the DDoS attacks in 2016, this memcached attack method is not resource-heavy. There is no need to maintain a massive botnet. The memcached servers are easily abused and deliver a much harder punch. Reports say that there are about 90,000 such memcached servers that can be used for this kind of attack.
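From the defender's side, the reflected traffic described above has a recognizable shape: large UDP flows whose source port is memcached's default port, 11211, arriving at one destination from many different servers. The following is an added example, not code from the original article; the CSV flow format, the sample records and the thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port

# Constructed flow records (not real traffic):
# proto, src_ip, src_port, dst_ip, dst_port, bytes
SAMPLE_FLOWS = """\
udp,198.51.100.10,11211,203.0.113.5,41822,1400000
udp,198.51.100.11,11211,203.0.113.5,41822,1350000
udp,198.51.100.12,11211,203.0.113.5,50211,1420000
tcp,10.0.0.8,11211,10.0.0.20,53344,900000
udp,192.0.2.53,53,203.0.113.5,40000,512
udp,198.51.100.10,11211,203.0.113.9,33000,1200
"""

def parse_flows(text):
    """Yield flow dicts from CSV text, skipping malformed rows."""
    fields = ["proto", "src_ip", "src_port", "dst_ip", "dst_port", "bytes"]
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        try:
            row["src_port"] = int(row["src_port"])
            row["bytes"] = int(row["bytes"])
        except (TypeError, ValueError):
            continue
        yield row

def find_reflection_victims(flows, min_bytes=1_000_000, min_reflectors=3):
    """Return {dst_ip: (total_bytes, reflector_count)} for destinations hit by
    UDP traffic sourced from the memcached port by many distinct servers."""
    total = defaultdict(int)
    reflectors = defaultdict(set)
    for f in flows:
        # Reflected responses come *from* the memcached port over UDP;
        # ordinary TCP cache traffic is ignored.
        if f["proto"].lower() != "udp" or f["src_port"] != MEMCACHED_PORT:
            continue
        total[f["dst_ip"]] += f["bytes"]
        reflectors[f["dst_ip"]].add(f["src_ip"])
    # Thresholds are assumed values; tune them to the monitored network.
    return {dst: (total[dst], len(reflectors[dst])) for dst in total
            if total[dst] >= min_bytes and len(reflectors[dst]) >= min_reflectors}

if __name__ == "__main__":
    hits = find_reflection_victims(parse_flows(SAMPLE_FLOWS))
    for victim, (nbytes, count) in hits.items():
        print(f"{victim}: {nbytes} bytes from {count} memcached reflectors")
```

The same source-port signature is what an upstream filter or rate limit would match on during mitigation.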