New DDoS Record Set at 1.3 Tbps Thanks to Memcached Servers

[Faybert]

Crooks can abuse Memcache servers to launch insanely massive DDoS attacks using very few computational resources on their end.

These type of DDoS attacks are possible because of the unsecured way Memcache developers have implemented support for the UDP protocol in their product.

Furthermore, to make matters worse, Memcache servers also expose their UDP port to external connections in the default configuration, meaning any Memcache server not behind a firewall can be abused for DDoS attacks right now.
........................
.......................
.......................

 

[Faybert]

We have a new record for the largest DDoS attack ever detected. The new high mark is 1.3 Tbps (Terabits-per-second).

The attack took place yesterday, targeted a software development company, and was detected and mitigated by Akamai.

Attackers executed the attack using a vulnerability in Memcached servers that was made public two days ago.
............................
............................

 

[Faybert]

Last week saw the largest distributed denial-of-service (DDoS) attack in history.

GitHub was hit by a record-breaking attack which peaked at some 1.35 terabits per second (outstripping the notorious DDoS attack on Dyn, which knocked the likes of Twitter, Spotify, Reddit, and umm.. yeah, GitHub, offline back in October 2016.)

A short while later a second attack wave against GitHub peaked at a mildly more bearable 400 Gbps.
.......................
.......................
.......................
.......................

 

[Mahesh Sudula]

CLEANMX is another to hit by the same..despite of its counter measures still the attack has been continuing ..
--> Random metric dns ddos amplification attacks against our infrastructure consuming >200 Gbit/s of bandwidth in our backbone.
The attack was so severe they closed their mailing list...and sorted layer7dos and suspicious ip ranges

 

[Deleted member 65228]

CLEANMX is another to hit by the same..despite of its counter measures still the attack has been continuing ..

It's because they share malicious software and malware authors don't want their malicious software to be exposed to researchers so it can be used for research purposes and reverse-engineering by security software vendors/analyst labs.

There's not much that can be done about it except apply safe and good security practices to help prevent successful DDoS attacks (and mitigate them as best as possible whilst you're under-attack). Taking legal action as much as possible is a good step towards fighting back because such criminal activity is violation of the Computer Misuse Act and many countries are making tougher punishments for such behavior to set an example to other cyber-criminals nowadays.