By now the vulnerability in Memcached servers has been exposed to the masses, since its proof-of-concept (PoC) code was recently published online. That exposure now allows script kiddies to conduct large-scale DDoS attacks, as if the recent massive DDoS attack on GitHub and the world’s largest 1.7Tbps attack on an American firm weren’t enough.
But other than the aforementioned targets, do you know who else was hit by Memcached server DDoS attacks? According to a list provided by 360Netlab, a Chinese IT security firm, the following companies and websites have been hit by DDoS attacks through misconfigured
This list has been compiled by researchers using their ddosmon platform which is equipped with a dedicated DDoS botnet C&C tracking system to provide insights. Using the data, researchers compute and monitor ongoing DDoS attacks.
QQ (qq.com)
360 (360.com)
Amazon (Amazon.com)
Google (Googleusercontent.com)
Avast (Avast.com)
Kaspersky Labs (Kaspersky-labs.com)
Brian Krebs (krebsonsecurity.com)
Epoch Times (Epochtimes.com)
PlayStation (PSN) (Playstation.net)
Minecraft (Minecraft.net)
GTA developers Rockstar Games (Rockstargames.com)
Pornhub (Pornhub.com)
HomePornBay (HomePornBay.com)
NRA Carry Guard (Nracarryguard.com)
The NRA Foundation (Nrafoundation.org)
The National Rifle Association of America (NRA) (Nra.org)
The above-mentioned list shouldn’t come as a surprise since all these targets are high profile. The NRA was already in the news for all the wrong reasons after the Florida school shooting and since a group of students publicly urged the association to put a Federal ban on assault rifles.
However, rather than addressing the issue, the NRA decided to use conservative political activist Dana Loesch in a bizarre ad targeting the media, journalists, political personalities, and others with consequences over their stance on gun control. The advertisement was also criticized by users on social media, making things a bit worse than before.
According to BleepingComputer, multiple domains owned by the NRA suffered a series of massive DDoS attacks between 27th – 28th February, forcing them to go offline. The incident was also noticed by users on Twitter who shared screenshots of the sites at the time they went offline.
https://twitter.com/OregonJOBS2/status/968618796196929536
https://twitter.com/Tailinloop/status/968623811288592385
Furthermore, 360Netlab shared a list of targets revealing that other than the United States and China, attackers have also targeted cyberinfrastructure in Brazil, Canada, South Korea, France, Germany, the Netherlands and the United Kingdom.
Remember, Cloudflare called it an amplification attack and explained in their blog post that “Over the last couple of days, we’ve seen a big increase in an obscure amplification attack vector — using the Memcached protocol, coming from UDP port 11211. Unfortunately, there are many Memcached deployments worldwide which have been deployed using the default insecure configuration.”
However, the good news is that Corero researchers have identified a kill switch that can mitigate DDoS attacks carried out through Memcached servers. Researchers have already tested it to be 100% effective on live attacking servers.
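The traffic pattern in the Cloudflare quote (UDP coming from port 11211) can be checked for in flow records. The following is an added example, not code from the article, Cloudflare or Corero; the record layout, the 10.0.0.0/8 internal range and the sample rows are constructed assumptions.

```python
import csv
import ipaddress
from collections import defaultdict

MEMCACHED_PORT = 11211  # UDP port named in the Cloudflare quote

# Constructed sample flow records (not real traffic); assumed layout:
# src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
198.51.100.7,11211,10.0.0.5,40312,udp,1400000
198.51.100.9,11211,10.0.0.5,40312,udp,900000
10.0.0.20,11211,203.0.113.44,80,udp,5200000
10.0.0.8,51000,10.0.0.20,11211,tcp,300
203.0.113.10,53,10.0.0.5,5353,udp,120
"""

def classify_flows(text, internal_cidr="10.0.0.0/8"):
    """Return (inbound, outbound) byte totals for UDP flows sourced from port 11211.

    inbound:  internal destination -> bytes received from external hosts whose
              source port is 11211 (the host is receiving reflected traffic).
    outbound: internal source -> bytes sent from its own UDP 11211 to external
              hosts (an internal Memcached instance is answering the internet).
    """
    net = ipaddress.ip_network(internal_cidr)
    inbound, outbound = defaultdict(int), defaultdict(int)
    for row in csv.reader(text.splitlines()):
        if len(row) != 6:
            continue  # skip blank or malformed records
        src, sport, dst, _dport, proto, nbytes = row
        if proto.lower() != "udp" or int(sport) != MEMCACHED_PORT:
            continue  # TCP cache traffic and other UDP services are ignored
        src_in = ipaddress.ip_address(src) in net
        dst_in = ipaddress.ip_address(dst) in net
        if dst_in and not src_in:
            inbound[dst] += int(nbytes)
        elif src_in and not dst_in:
            outbound[src] += int(nbytes)
    return dict(inbound), dict(outbound)

if __name__ == "__main__":
    inbound, outbound = classify_flows(SAMPLE_FLOWS)
    for host, total in inbound.items():
        print(f"reflected traffic hitting {host}: {total} bytes")
    for host, total in outbound.items():
        print(f"internal Memcached answering over UDP: {host}: {total} bytes")
```

Any host in the second result is a Memcached instance reachable over UDP from outside, which is the misconfiguration the quote refers to.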