2018 isn’t even at the quarter pole, and the predicted trend of increased cyber attacks for the year is already materializing. This past week GitHub was the victim of the largest DDoS (Distributed Denial of Service) attack ever recorded, which topped out at 1.3 terabits – or 126.9 million packets per second. It preceded the previous record break, which came just a week before, when customers of a US-based service provider received a 1.7 Tbps attack. This is the new reality of the cyber world, unfortunately.
We here at 4GoodHosting are as keenly aware of what this may forecast for the future as any Canadian web hosting provider would be, and – to put it plainly for those of you not familiar with how the Web works – a DDoS attack renders hosted websites inaccessible to would-be visitors.
These recent DDoS attacks were based on UDP (User Datagram Protocol) memcached traffic, memcached being a protocol used to cache data and reduce strain on heavy data stores like a disk or databases. It lets the server inquire about key-value stores that are intended to be used on systems which will not be exposed on the public internet.
What attackers do is spoof the IP addresses of UDP traffic and then direct the request to a vulnerable UDP server. The server prepares the response because it does not know the request isn’t legitimate. The information is then delivered to an unsuspecting host, and you have a DDoS attack.
What happened at GitHub last week was that its servers ceased to respond for a few hours, until Akamai was able to filter out the malicious traffic from UDP port 11211 (the default port for memcached). The conclusion was that because of memcached’s reflection capabilities, similar attacks with high data rates were likely to follow.
Further, it is believed that many other, smaller organizations experienced similar reflection attacks over this same time period, and again it seems there could be many more, potentially larger attacks in the near future. A marked increase in scanning for open memcached servers since the initial disclosure was noted as well. It is likely that attackers will adopt memcached reflection as their favourite sabotage tool because of its ability to generate such large and sweeping attacks.
Although the internet community is making concerted efforts to shut down access to the numerous memcached servers out there, the sheer number of servers that run memcached openly is very likely going to be an ongoing vulnerability that attackers will choose to exploit.
To be proactive, you can mitigate these attacks by blocking off UDP traffic from port 11211, and then proceed to lock down the system to insulate yourself against being a victim of such attacks.
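A detection-side companion to the port 11211 block described above, added here as an example and not taken from the original article: it sorts inbound UDP flow records into reflected replies hitting your hosts (source port 11211) and outside requests reaching your own memcached servers (destination port 11211). The flow record format, the 10.0.0.0/8 internal range, the sample data and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

MEMCACHED_PORT = 11211  # default memcached port named in the article

# Constructed sample flow records: "proto src_ip src_port dst_ip dst_port bytes".
# Assumption: 10.0.0.0/8 is "our" network; other addresses are documentation ranges.
SAMPLE_FLOWS = """\
udp 198.51.100.7 11211 10.0.0.5 40112 1400
udp 198.51.100.8 11211 10.0.0.5 40112 1400
udp 203.0.113.9 11211 10.0.0.5 51820 1400
udp 203.0.113.50 53211 10.0.0.20 11211 64
tcp 10.0.0.30 50000 10.0.0.20 11211 200
udp 10.0.0.30 50001 10.0.0.20 11211 64
udp 192.0.2.1 53 10.0.0.5 33000 120
"""

def parse_flow(line):
    """Split one whitespace-separated flow record into typed fields."""
    proto, src, sport, dst, dport, nbytes = line.split()
    return (proto, ipaddress.ip_address(src), int(sport),
            ipaddress.ip_address(dst), int(dport), int(nbytes))

def classify(flows_text, internal_net="10.0.0.0/8"):
    """Return (victims, exposed) for inbound UDP arriving from outside.

    victims: internal host -> bytes and distinct senders of UDP whose
             source port is 11211 (reflected memcached replies).
    exposed: internal hosts receiving outside requests on UDP 11211.
    """
    net = ipaddress.ip_network(internal_net)
    victims = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    exposed = set()
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        proto, src, sport, dst, dport, nbytes = parse_flow(line)
        if proto != "udp" or dst not in net or src in net:
            continue  # keep only UDP that crosses the perimeter inbound
        if sport == MEMCACHED_PORT:
            victims[str(dst)]["bytes"] += nbytes
            victims[str(dst)]["reflectors"].add(str(src))
        elif dport == MEMCACHED_PORT:
            exposed.add(str(dst))
    return dict(victims), exposed

if __name__ == "__main__":
    print(classify(SAMPLE_FLOWS))
```

Hosts in the first result are candidates for an upstream filter on source port 11211; hosts in the second are memcached servers that should not be reachable over UDP from outside at all.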
Prior to March of 2018, the biggest DDoS attack ever detected occurred in September 2016 in Brazil, peaking at 650 gigabits per second. These new memcached DDoS attacks are the first ones to exceed the terabit limit, suggesting that these new DDoS attacks have much greater reach and potential than was previously the case.