Tuesday, October 15, 2024
HomeSecurity NewsHackers Abused Memcached Servers for high-bandwidth Amplification DDoS Attacks

Hackers Abused Memcached Servers for high-bandwidth Amplification DDoS Attacks

Published on

Malware protection

Attackers abused vulnerable Memcached Servers to launch high-bandwidth DDoS attacks and there is a huge increase observed in this attack vector.

Memcached is a memory caching system used to speed up a dynamic database of the websites by caching the data in RAM which can increase the loading time by reducing the number of times an external data source must be read.

It is a middleware so it lacks access controls and it should not be exposed to the public Internet, according to Shodan reports there are around 88,000 open Memcached servers found.

If the UDP port(11211) is opened then attackers can exploit by sending thousands of forged requests to a vulnerable UDP server and servers process the request without knowing it is forged one, which results in overwhelming of its resources.
- Advertisement - SIEM as a Service

Cloudflare says a carefully carfted technique allows an attacker with limited IP spoofing capacity (such as 1Gbps) to launch very large attacks (reaching 100s Gbps) “amplifying” the attacker’s bandwidth.

Also Read DDoS attack prevention method on your enterprise’s systems – A Detailed Report

According to DDoS Threat Landscape, the Memcached graph is almost flat and the spike is only just for a couple of the days.

Memcached Servers

Cloudflare says at peak it generated 260Gbps of inbound UDP traffic and the majority of the packets size is 1400 bytes. Doing the math 23Mpps x 1400 bytes gives 257Gbps of bandwidth.

Launching the attack is quite simple, all attacker need is to embed a large payload on an exposed Memcached server and then the attacker spoofs the “get” request message with target Source IP.

The Vulnerable Memcached servers present all over the globe and according to Shodan search reports, there are 88,000 open Memcached servers.

Memcached Servers

Security researchers recommended disabling the UDP support if it is not in use and to place the Memcached servers behind the Firewall. Also, it is recommended to specify Memcached servers to listen only on localhost.

Reports on Memcache DDoS Attacks published by Cloudflare and arbornetworks.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla,...

ErrorFather Hackers Attacking & Control Android Device Remotely

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to...

Hackers Allegedly Selling Data Stolen from Cisco

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc.The...

Fortigate SSLVPN Vulnerability Exploited in the Wild

A critical vulnerability in Fortinet's FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...

Email Header Analysis – Verify Received Email is Genuine or Spoofed

Email Header Analysis highly required process to prevent malicious threats since Email is...