Monday, May 5, 2025
HomeSecurity NewsHackers Abused Memcached Servers for high-bandwidth Amplification DDoS Attacks

Hackers Abused Memcached Servers for high-bandwidth Amplification DDoS Attacks

Published on

SIEM as a Service

Follow Us on Google News

Attackers abused vulnerable Memcached Servers to launch high-bandwidth DDoS attacks and there is a huge increase observed in this attack vector.

Memcached is a memory caching system used to speed up a dynamic database of the websites by caching the data in RAM which can increase the loading time by reducing the number of times an external data source must be read.

It is a middleware so it lacks access controls and it should not be exposed to the public Internet, according to Shodan reports there are around 88,000 open Memcached servers found.

If the UDP port(11211) is opened then attackers can exploit by sending thousands of forged requests to a vulnerable UDP server and servers process the request without knowing it is forged one, which results in overwhelming of its resources.
- Advertisement - Google News

Cloudflare says a carefully carfted technique allows an attacker with limited IP spoofing capacity (such as 1Gbps) to launch very large attacks (reaching 100s Gbps) “amplifying” the attacker’s bandwidth.

Also Read DDoS attack prevention method on your enterprise’s systems – A Detailed Report

According to DDoS Threat Landscape, the Memcached graph is almost flat and the spike is only just for a couple of the days.

Memcached Servers

Cloudflare says at peak it generated 260Gbps of inbound UDP traffic and the majority of the packets size is 1400 bytes. Doing the math 23Mpps x 1400 bytes gives 257Gbps of bandwidth.

Launching the attack is quite simple, all attacker need is to embed a large payload on an exposed Memcached server and then the attacker spoofs the “get” request message with target Source IP.

The Vulnerable Memcached servers present all over the globe and according to Shodan search reports, there are 88,000 open Memcached servers.

Memcached Servers

Security researchers recommended disabling the UDP support if it is not in use and to place the Memcached servers behind the Firewall. Also, it is recommended to specify Memcached servers to listen only on localhost.

Reports on Memcache DDoS Attacks published by Cloudflare and arbornetworks.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

FBI Alerts Public to Scammers Posing as IC3 Officials in Fraud Scheme

The Federal Bureau of Investigation (FBI) has issued a warning regarding an emerging scam...

New ‘Waiting Thread Hijacking’ Malware Technique Evades Modern Security Measures

Security researchers have unveiled a new malware process injection technique dubbed "Waiting Thread Hijacking"...

EU’s GDPR Article 7 Poses New Challenges for Businesses To Secure AI-Generated Image Data

As businesses worldwide embrace digital transformation, the European Union’s General Data Protection Regulation (GDPR),...