Memcached DDos: The New Kid On The Block

Robin Schmitt, General Manager, APAC at Neustar
content-image

Robin Schmitt, General Manager, APAC at Neustar

In the past month alone, the cyber security industry bore witness to a relatively new face of distributed denial of service (DDoS) amplification attacks in the form of Memcached DDoS that reached a peak of 1.35 Tbps – the largest attack ever mustered.

Recalibrating our tracks to 2017, brands continued to demonstrate the ongoing susceptibility to DDoS and other cyber breaches. The reverberations from these attacks were felt across all corners of businesses–we saw stock prices fall and consumers lose confidence in brands as a result.

Instead of profiting on infamy, hackers are devising more ways to benefit while flying under the radar so attacks can go on longer, provide access to more data or affect specific targets in very granular ways.

A game of risk: attacks more determined with newer threat vectors

These attacks are dangerous because they can escalate quickly to leverage more than 100,000 servers to cause thousands of factors in amplified traffic with no warning. Unlike the formal botnet attacks used in large DDoS infiltrations, Memcached DDoS outages do not require a malware-driven botnet.

Perpetrators simply spoof the IP addresses of their targets and send several data packets to multiple Memcached servers that live on networks with high speed transit uplinks. The Memcached systems then return 50 times the data of the requests back to the victim – creating a perfect storm for high bandwidth DDoS amplification attacks.

While the average size of infiltrations has remained steady for three years straight at around 5Gbps, the volume of attacks, especially repeated ones against the same targets has increased. The Memcached DDoS attack uses exposed database caching servers to create massive amounts of traffic to target Layer 3 infrastructure elements. With simple spoofing and no authentication needed, attackers can generate traffic responses 10,000 to 51,000 greater than the size of the request.

The vigilant defender: detection and response

Attackers have since learned how to tease defenses, probe network vulnerabilities, and execute more lethal strikes. The difficulty in being able to effectively and efficiently detect and respond to DDoS attacks has no doubt frustrated those who work to protect revenue flows, critical infrastructure, and brand reputations. Today, the vigilant defender knows that when DDoS attacks are detected, there is a 50/50 chance that it is a race against crime.

A study by Neustar found that while nearly all organisations have one or more defence layers in place, despite the heightened awareness, identification and reaction is taking more time and damages incurred are taking a higher toll. 90 percent of all respondents reported plans to invest more in defence solutions than the year before. Findings point towards how there is concern in the market that the solutions organisations are using may not be enough, and that currently the attackers truly have the upper hand.

Future-proofing mitigation networks to stop attacks before they reach their target destination will save brands billion each year from the impact of ddos offensives

No game delay allowed

Future-proofing mitigation networks to stop attacks before they reach their target destination will save brands billion each year from the impact of DDoS offensives. So this begs the question– how can organisations make smarter security decisions that meet the future requirements of an increasingly diverse threat landscape?

Whilst there is no sure-fire, cookie-cutter approach, it is certain that organisations need to start building up their muscle power against perpetrators. Fortunately, new approaches to security that combine the best of on-premise hardware and cloud-based solutions are changing how this game is played.

A hybrid model will ensure sound protection against smaller, yet more advanced, application level attacks, as well as providing the ability to mitigate large volumetric attacks. By understanding the threat, quantifying the risk to the organisation and implementing a right-sized mitigation solution, organisations can effectively mitigate the risk of Memcached DDoS offensives – ensuring the scorecard stands at Organisations:1, Attackers: 0.

tag

Critical Infrastructure

Read Also

Why Compliance Needs a Seat at the Strategy Table

Why Compliance Needs a Seat at the Strategy Table
David Koh, Head, Legal & Compliance (Singapore) and Operational Risk Management Country Lead, Perpetual Limited
Streamlining Operations and Empowering Teams in Facilities Management

Streamlining Operations and Empowering Teams in Facilities Management
Shaye Rogers, Workflow Support Manager, Cushman & Wakefield
Technocreativity: The Synergy Of Technology And Creativity

Technocreativity: The Synergy Of Technology And Creativity
Tran Nguyen Phi Long, Group Head Of Retail Marketing, Pnj Group
Leading It And Digital Transformation At Ikea: Insights From An Industry Veteran

Leading It And Digital Transformation At Ikea: Insights From An Industry Veteran
Sigit Triwibowo, Head Of It And Digital, Chief Technology And Digital, Ikea
Executive Leadership And Digital Transformation In The Global Fashion Industry

Executive Leadership And Digital Transformation In The Global Fashion Industry
Eiko Ando, E-Commerce And Digital Director, Pvh Corporation
Digital Transformation in Fashion Retail - From Efficiency to Experience

Digital Transformation in Fashion Retail - From Efficiency to Experience
Le Van, CTO, YODY Fashion
Driving IT Transformation at Lactalis Australia

Driving IT Transformation at Lactalis Australia
Sabina Janstrom, Chief Information Officer, Lactalis Australia
AI Adoption in Hospitality: Striking the Balance Between Innovation, Excellence and Trust

AI Adoption in Hospitality: Striking the Balance Between Innovation, Excellence and Trust
Phiphat Khanonwet, Head of IT, Onyx Hospitality Group