DDoS, also known as Distributed Denial of Service, is an attack that uses a botnet of malware-infected devices to flood a network or server with malicious traffic or requests, with the intent to bring down the website or service or degrade its performance to the point that it can't be used.
In 2016, massive DDoS attacks appeared when the Mirai IoT botnet, which comprised hundreds of thousands of malware-infected devices, carried out the most significant attack in history. When word spread that Mirai's records had themselves been smashed in early 2018, many were quick to assume that IoT botnets were responsible.
However, that was not the case.
Thanks to the ingenuity of professional attackers, remote access to a massive number of devices is no longer essential to launch an attack of tremendous size.
Among the variety of DDoS attacks, this new type starts with a tool designed to help the Internet operate effectively and efficiently. Memcached servers are cache servers that can store massive amounts of data from a massive number of websites to minimize the number of times a website needs to be read.
These types of servers are free, open-source, and extremely popular.
Through the lens of a website or business owner, these servers are great tools for elevating a website's performance while minimizing the strain on its servers.
Meanwhile, through a DDoS attacker's lens, Memcached servers are great tools for unleashing massive amounts of data.
Usually, public-facing Memcached servers use port 11211 by default. This allows attackers to spoof the IP address of their target and send the servers requests for statistics. The servers then return a response to the target that is so enormous it can potentially cause a DDoS attack.
This is what is referred to as a distributed denial of service amplification vector: attackers get an amplified, colossal return for a small effort. As far as recent tricks go, the Memcached attack is so far the best one when it comes to the amount of return.
Memcached attacks have an amplification factor of around 9,000 to 51,000. Thanks to this factor, attackers were able to deliver successful attacks on some of the biggest names in tech.
A patch has been issued to disable the UDP protocol on Memcached servers, which is what allows these attacks to be delivered. Outside of disabling Memcached, monitoring bandwidth and logs to ensure you catch attacks before they get out of control is the next best thing you can do to mitigate this issue. Ping monitoring tools that show you the response times of your own servers will further tell you if your servers are using too much bandwidth.
However, as the many existing vulnerabilities and past attacks show, Memcached servers will stay unpatched for years, which allows the amplification vector to hang around. Also, professional attackers are unlikely to stop using this trick; thus, more attacks are to be expected.
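To check your own servers for the exposure described above, the following added example (not from the original article) audits a memcached options file for the two settings that matter for reflection: the UDP listener (`-U`) and the listen address (`-l`). The one-option-per-line file layout, the sample configs and the function names are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample configs (one memcached option per line, Debian-style).
EXPOSED_CONF = "# constructed sample\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED_CONF = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0\n"


def parse_options(conf_text):
    """Map each option flag to its value; '#' comments are ignored."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        flag, _, inline = tokens[0].partition("=")  # handles --udp-port=0
        opts[flag] = inline or (tokens[1] if len(tokens) > 1 else "")
    return opts


def audit(conf_text):
    """Return findings that leave the server usable as a UDP reflector."""
    opts = parse_options(conf_text)
    findings = []

    udp = opts.get("-U", opts.get("--udp-port"))
    if udp is None:
        # Assumption: an unpatched build may default to UDP on, so require
        # the setting to be explicit rather than trusting the default.
        findings.append("UDP port not set explicitly; add '-U 0'")
    elif udp != "0":
        findings.append(f"UDP listener enabled on port {udp}; set '-U 0'")

    listen = opts.get("-l", opts.get("--listen"))
    if listen is None:
        findings.append("no listen address set; bind with '-l 127.0.0.1'")
        return findings
    for addr in (a.strip() for a in listen.split(",")):
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:  # hostname: only 'localhost' is accepted here
            loopback = addr == "localhost"
        if not loopback:
            findings.append(f"listens on {addr}; firewall 11211 from untrusted networks")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```

A server that must listen on a non-loopback address for a cache cluster will still be reported; treat that finding as a prompt to confirm port 11211 is filtered at the network edge.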