New DDoS Record Set at 1.3 Tbps Thanks to Memcached Servers

Faybert

Level 22
AV-Tester
Joined
Jan 8, 2017
Messages
1,117
OS
Windows 10
Antivirus
G Data
#1
Crooks can abuse Memcached servers to launch insanely massive DDoS attacks using very few computational resources on their end.

These types of DDoS attacks are possible because of the unsecured way Memcached developers have implemented support for the UDP protocol in their product.

Furthermore, to make matters worse, Memcached servers also expose their UDP port to external connections in the default configuration, meaning any Memcached server not behind a firewall can be abused for DDoS attacks right now.
........................
.......................
.......................
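A defensive check for the exposure described in post #1, added here as an example (it is not part of the original post or the quoted article). It audits memcached option text for the UDP port (`-U` / `--udp-port`) and listen address (`-l` / `--listen`). Assumptions: a Debian-style `memcached.conf` with one option per line, hypothetical function names, constructed sample configs, and a missing `-U` treated as UDP enabled, following the default the post describes.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ALIASES = {"-l": "listen", "--listen": "listen",
           "-U": "udp", "--udp-port": "udp"}

def parse_options(conf_text):
    """Collect listen addresses and the UDP port from memcached option lines."""
    opts = {"listen": [], "udp": None}
    for raw in conf_text.splitlines():
        tokens = shlex.split(raw, comments=True)  # drops '# ...' comments
        i = 0
        while i < len(tokens):
            name, sep, value = tokens[i].partition("=")
            if name in ALIASES:
                if not sep:  # short form: the value is the next token
                    i += 1
                    value = tokens[i] if i < len(tokens) else ""
                if ALIASES[name] == "listen":
                    opts["listen"] += [a.strip() for a in value.split(",") if a.strip()]
                else:
                    opts["udp"] = value
            i += 1
    return opts

def audit(conf_text):
    """Return findings; an empty list means UDP is off and only loopback is bound."""
    opts = parse_options(conf_text)
    # Assumption: no -U means UDP is on, per the default the post describes.
    udp_on = opts["udp"] != "0"
    # No -l means memcached listens on every interface.
    exposed = not opts["listen"] or any(a not in LOOPBACK for a in opts["listen"])
    findings = []
    if udp_on:
        findings.append("udp-enabled")
    if exposed:
        findings.append("non-loopback-listen")
    if udp_on and exposed:
        findings.append("reflector-risk")
    return findings

# Constructed sample configurations (not taken from any real host).
DEFAULT_LIKE = "# memcached.conf\n-m 64\n-p 11211\n-u memcache\n"
HARDENED = "-p 11211\n-l 127.0.0.1  # local clients only\n-U 0\n"
MIXED = "-l 127.0.0.1,10.0.0.5\n--udp-port=0\n"

if __name__ == "__main__":
    for label, conf in (("default-like", DEFAULT_LIKE), ("hardened", HARDENED), ("mixed", MIXED)):
        print(label, audit(conf))
```

A clean result only covers the daemon's own options; a host firewall rule blocking inbound UDP 11211 is still worth verifying separately.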
 

Faybert

#2
We have a new record for the largest DDoS attack ever detected. The new high mark is 1.3 Tbps (Terabits-per-second).

The attack took place yesterday, targeted a software development company, and was detected and mitigated by Akamai.

Attackers executed the attack using a vulnerability in Memcached servers that was made public two days ago.
............................
............................
 

Faybert

#3
Last week saw the largest distributed denial-of-service (DDoS) attack in history.

GitHub was hit by a record-breaking attack which peaked at some 1.35 terabits per second (outstripping the notorious DDoS attack on Dyn, which knocked the likes of Twitter, Spotify, Reddit, and umm.. yeah, GitHub, offline back in October 2016).

A short while later a second attack wave against GitHub peaked at a mildly more bearable 400 Gbps.
.......................
.......................
.......................
.......................
 
Joined
Sep 3, 2017
Messages
276
OS
Windows 8.1
Antivirus
Doctor Web
#4
CLEANMX is another to be hit by the same. Despite its countermeasures, the attack is still continuing.
--> Random metric DNS DDoS amplification attacks against our infrastructure consuming >200 Gbit/s of bandwidth in our backbone.
The attack was so severe they closed their mailing list... and sorted layer 7 DoS and suspicious IP ranges.
 

Opcode

Level 28
Content Creator
Joined
Aug 17, 2017
Messages
1,733
#5
> CLEANMX is another to be hit by the same. Despite its countermeasures, the attack is still continuing.
It's because they share malicious software and malware authors don't want their malicious software to be exposed to researchers so it can be used for research purposes and reverse-engineering by security software vendors/analyst labs.

There's not much that can be done about it except apply safe and good security practices to help prevent successful DDoS attacks (and mitigate them as best as possible whilst you're under attack). Taking legal action as much as possible is a good step towards fighting back because such criminal activity is a violation of the Computer Misuse Act and many countries are making tougher punishments for such behavior to set an example to other cyber-criminals nowadays.