In October 2016, a DDoS attack was launched against Dyn, a service provider. It crippled Internet access across the entire east coast of America. Dyn's servers were hit with an enormous amount of traffic, and a data transfer rate of 2Tbps was recorded. The figure was shocking, and such a rate was difficult to achieve at that time.
However, last week, advanced DDoS attacks were recorded at a data rate of 1.7Tbps. The impact of the attack was approximately 50% greater than the earlier Dyn attack. Traffic on that scale, which could probably take any website down, works out to 680,000 Internet users using their entire resources to access the same website simultaneously.
How Did DDoS Attacks Become So Advanced?
Hackers have found a way to take advantage of Memcached, software created to speed up web page loading. Memcached caches large chunks of data that users are likely to request again. It is generally served from remote servers.
According to security experts, Memcached should not be left unprotected when it is connected to the Internet. However, according to the Project Sonar web scanner by Rapid7, there are over 140,000 vulnerable Memcached devices. Attackers have exploited Memcached to amplify their denial-of-service attacks on their targets. They send small chunks of junk data to Memcached, which then floods the target's server with massive amounts of data. Hackers can increase the effect of an attack up to 51,000 times when using Memcached.
How Can You Stop It?
Many cybersecurity professionals are working on how to stop advanced DDoS attacks. Security experts from Homeland Security are trying to discover effective ways to shield the citizens of the United States against advanced and powerful DDoS attacks. Even firms like Akamai and Alphabet have joined the battle against the menace. Additionally, remarkable progress has been made in fighting the technique, as the GitHub website recently survived a major Memcached-based DDoS attack. The website experienced downtime for just 5 minutes and then it was up and running again.
Attackers were sending fake (spoofed) UDP packets to Memcached servers. This resulted in an outburst of UDP packets directed at the targeted website. Corero, a security firm, has come forward with a kill switch that commands the attacking server to perform a flush with the “flush_all” command. It flushes out the cached data to suppress the outburst from attacking servers. The remedy has been tested on real servers and has been proved to be one-hundred percent effective in stopping Memcached attacks. However, it has been identified that Memcached version 1.5.5 lacks control over network message volume, which can be exploited by hackers. Therefore, a new update has been released that disables the UDP protocol by default, so you now need to enable UDP explicitly. This update should be downloaded to mitigate the problem.
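To check whether a Memcached server you run could be abused in this way, the short audit below reads its startup options and reports whether UDP is answering on a non-loopback address. It is an added example, not code from the original article or from the Memcached project; the function name audit_memcached is hypothetical, and it assumes plain dotted version numbers and, as the article states, that releases after 1.5.5 leave UDP off unless it is enabled explicitly.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
LAST_UDP_DEFAULT_ON = (1, 5, 5)  # per the article: later releases need UDP enabled explicitly


def audit_memcached(options, version):
    """Audit a memcached option string (e.g. the contents of /etc/memcached.conf)."""
    # Defaults: listen on all interfaces; UDP on 11211 only up to version 1.5.5.
    ver = tuple(int(p) for p in version.split("."))
    udp_port = 11211 if ver <= LAST_UDP_DEFAULT_ON else 0
    listen = []

    # comments=True lets a whole config file with '#' comments be passed in.
    tokens = shlex.split(options, comments=True)
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok == "-U" and nxt is not None:
            udp_port = int(nxt)
        elif tok.startswith("--udp-port="):
            udp_port = int(tok.split("=", 1)[1])
        elif tok == "-l" and nxt is not None:
            listen += nxt.split(",")
        elif tok.startswith("--listen="):
            listen += tok.split("=", 1)[1].split(",")

    udp_enabled = udp_port != 0
    loopback_only = bool(listen) and all(a in LOOPBACK for a in listen)
    return {
        "udp_enabled": udp_enabled,
        "loopback_only": loopback_only,
        # Usable as a reflector only if UDP answers on a non-loopback address.
        "amplifier_risk": udp_enabled and not loopback_only,
    }


if __name__ == "__main__":
    # Constructed sample option strings, not taken from any real host.
    samples = [
        ("-m 64 -p 11211 -u memcache", "1.5.5"),
        ("-m 64 -p 11211 -U 0 -l 127.0.0.1", "1.5.5"),
        ("-m 64 -p 11211 -U 11211 -l 0.0.0.0", "1.6.0"),
    ]
    for opts, ver in samples:
        print(ver, opts, "->", audit_memcached(opts, ver))
```

A server flagged with amplifier_risk should be upgraded, started with -U 0, or bound to a loopback or private address behind a firewall.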
However, there are many organizations worldwide that may not be able to defend themselves as GitHub did. With such firepower, attackers can cause significant downtime and harm them financially.