A massive amplification DDoS attack hit an undisclosed US-based company, setting a new record just days after a similar attack took down GitHub. A DDoS attack that abused the Memcached vulnerability to perform a reflection/amplification attack reached 1.7 Tbps, a new record for DDoS attack bandwidth.
The Memcached vulnerability has been addressed by a patch released by the Memcached team that disables UDP by default. Information security training professionals recommend that users install the patch and move away from UDP.
NETSCOUT's Arbor information security group has confirmed a 1.7 Tbps DDoS attack on an unnamed US company, carried out through the Memcached vulnerability. Arbor confirmed the attack through its ATLAS DDoS monitoring system, making this the largest DDoS attack recorded to date.
The attack came less than a week after an information security company reported a similar DDoS attack on GitHub, which reached 1.35 Tbps. Remarkably, the report shows that the victim's service provider was able to prevent any interruption, despite the massive scale of this latest attack.
Both attacks used the same amplification technique, which exploits a vulnerability in the Memcached protocol. Until the flaw in Memcached servers can be fixed, information security training expert Carlos Morales said in a blog post, attacks like these are likely to continue.
Memcached is an open source memory caching system that stores frequently accessed data in RAM to speed up access times. But it was not designed for use on internet-connected systems, as access does not require authentication, as an information security training professional notes.
Memcached's open nature allows an attacker to plant a massive amount of data on an exposed server and then use a spoofed 'get' request to direct massive traffic to a victim's IP address. This can overload the victim's network and disrupt their service. As an information security training specialist explained, the potential amplification of small amounts of data is huge: 15 bytes of data can generate a 750KB response, an amplification of 51,200x.
The attack relies on spoofed UDP packets, which the Memcached team addressed in a recent patch released to counter the amplification attack. The main feature of the patch is turning off UDP by default, which could eliminate the spread of terabyte DDoS attacks that use this vulnerability. With more than 100,000 vulnerable systems online, eliminating this source of DDoS attacks will be difficult. Akamai predicts that the popularity of such attacks will only grow, making those 100,000 systems prime targets for attackers.
Information security training researchers recommend that internet-facing Memcached servers be upgraded to the latest version and have UDP disabled. As with other major security vulnerabilities, this one has a patch available that the developer says solves the problem. Future victims will likely be those that failed to update their Memcached installations.
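To illustrate both the amplification pattern described above and the recommended mitigation, here is an added example in Python (not code from the article, NETSCOUT, Akamai or the Memcached project): it flags UDP/11211 conversations in constructed flow records whose outbound bytes dwarf the inbound bytes, and checks a memcached command line for the `-U 0` setting that turns the UDP listener off. The flow record format, the IP addresses and the 100x alert threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed flow records (not from the article): proto src:port -> dst:port bytes
SAMPLE_FLOWS = """\
udp 203.0.113.10:11211 -> 198.51.100.5:41923 bytes=768000
udp 198.51.100.5:41923 -> 203.0.113.10:11211 bytes=15
udp 203.0.113.10:11211 -> 192.0.2.77:52000 bytes=1400
udp 192.0.2.77:52000 -> 203.0.113.10:11211 bytes=200
tcp 192.0.2.9:40001 -> 203.0.113.10:11211 bytes=120
"""

FLOW_RE = re.compile(r"^(?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
                     r"(?P<dst>[\d.]+):(?P<dport>\d+) bytes=(?P<bytes>\d+)$")
MEMCACHED_PORT = 11211
# The article's figure is 15 bytes in -> 750KB out (51,200x); a normal cache
# lookup is nowhere near that, so 100x is a conservative (assumed) alert threshold.
AMPLIFICATION_THRESHOLD = 100.0

def find_reflectors(flow_text):
    """Return {server_ip: ratio} for UDP/11211 conversations in which the bytes
    sent from the memcached port dwarf the bytes received on it."""
    sent = defaultdict(int)      # keyed by (server, client)
    received = defaultdict(int)
    for line in flow_text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m or m["proto"] != "udp":
            continue  # the amplification relies on spoofable UDP; TCP is ignored here
        if int(m["sport"]) == MEMCACHED_PORT:
            sent[(m["src"], m["dst"])] += int(m["bytes"])
        elif int(m["dport"]) == MEMCACHED_PORT:
            received[(m["dst"], m["src"])] += int(m["bytes"])
    suspects = {}
    for (server, client), out_bytes in sent.items():
        ratio = out_bytes / max(received.get((server, client), 0), 1)
        if ratio >= AMPLIFICATION_THRESHOLD:
            suspects[server] = max(ratio, suspects.get(server, 0.0))
    return suspects

def udp_disabled(memcached_cmdline):
    """True only if the memcached command line explicitly sets -U 0 (UDP port 0 = off).
    Without the flag the default depends on the version, so treat it as not disabled."""
    tokens = memcached_cmdline.split()
    for i, tok in enumerate(tokens):
        if tok == "-U" and i + 1 < len(tokens):
            return tokens[i + 1] == "0"
        if tok.startswith("-U") and len(tok) > 2:
            return tok[2:] == "0"
    return False
```

On the constructed records the first server is reported at the article's 51,200x ratio while the ordinary 7x conversation is ignored; in practice, feed the function your own exported flow data.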
Information security specialist, currently working as a risk infrastructure specialist and investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.