Memcached is a distributed system that allows the caching of information in RAM. This software seeks to accelerate the search and access to information. Instead of going to the disk, the possibilities that the information is in the RAM are higher.
These types of vulnerabilities are found every day. The difference is that, on this occasion, vulnerability has been known before being exploited. Cyber security experts have discovered that Memcached servers fail to protect UDP ports, making them an easy target for hackers and their attacks on the service.
The cyber security professionals indicate that this is a vulnerability of the solution development team when it comes to supporting the UDP protocol in their product.
The investigation reports reveal that last week they observed some strange behavior of Memcached servers. Attackers sent packets of some bytes in size to UDP ports. Something not significant but in some occasions they were of considerable size.
Starting from the sending of these larger packages, experts say that hackers can cause these to be sent to a specific IP address in response, that is the victim’s, the real objective of the DDoS attack.
Cyber security researcher says that many people are not aware of the magnitude of the problem. If it were not a known solution of content caching we would be talking about a lesser evil or that would go unnoticed by cybercriminals. Data security expert comments that the solution to this problem, at least for now, is to disable the use of UDP ports if the server is not behind a firewall.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.