Earlier this month code repository GitHub was taken offline by a 1.3Tbps denial of service attack, which was the biggest one ever recorded at the time.
But days later an even larger DDoS attack, measuring 1.7Tbps, hit a US service provider.
“In this case, there were no outages as the provider had taken adequate safeguards, but it’s clear that the memcached attack is going to be a feature network managers are going to have to take seriously in the future,” noted one UK-based tech blog.
Here’s how the attacks work:
The attacks use shoddily secured memcached database servers to amplify attacks against a target. The assailant spoofs the victim's address as the source of a small UDP packet and sends it to a memcached server that doesn't have an authenticated traffic requirement in place. The server responds by firing back, at the spoofed address, as much as 50,000 times the data it received.
With multiple data packets sent every second, the memcached server unwittingly amplifies the deluge of data that can be sent against the target. Without proper filtering and network management, the tsunami of data can be enough to knock some providers offline.
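A defender-side check for the pattern described above, as an added example that is not part of the original article: it pairs UDP requests and responses per memcached server and flags servers that send back far more than they receive. It assumes memcached's default port 11211 (not stated in the article) and a simplified flow-record tuple; all addresses and byte counts are constructed.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # assumption: memcached's default port, not given in the article

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # Spoofed-source requests and the oversized replies sent to the "source"
    ("203.0.113.5", 51000, "192.0.2.10", 11211, "udp", 15),
    ("203.0.113.5", 51000, "192.0.2.10", 11211, "udp", 15),
    ("192.0.2.10", 11211, "203.0.113.5", 51000, "udp", 750_000),
    ("192.0.2.10", 11211, "203.0.113.5", 51000, "udp", 750_000),
    # Ordinary small UDP exchange between an application and its cache
    ("10.0.0.5", 42000, "10.0.0.20", 11211, "udp", 80),
    ("10.0.0.20", 11211, "10.0.0.5", 42000, "udp", 160),
    # Large TCP transfer: not spoofable in the same way, so it is ignored
    ("10.0.0.20", 11211, "10.0.0.5", 42001, "tcp", 900_000),
    # Replies with no request seen at this vantage point (victim-side view)
    ("192.0.2.44", 11211, "203.0.113.9", 33000, "udp", 400_000),
]

def reflector_report(flows, min_factor=10.0):
    """Flag (server, target) pairs whose UDP reply volume dwarfs the requests."""
    req = defaultdict(int)   # (server, peer) -> bytes received on UDP/11211
    resp = defaultdict(int)  # (server, peer) -> bytes sent from UDP/11211
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == MEMCACHED_PORT:
            req[(dst, src)] += nbytes
        elif sport == MEMCACHED_PORT:
            resp[(src, dst)] += nbytes
    findings = []
    for (server, target), out_bytes in resp.items():
        in_bytes = req.get((server, target), 0)
        # No observed request still counts: the request may have entered elsewhere
        factor = out_bytes / in_bytes if in_bytes else float("inf")
        if factor >= min_factor:
            findings.append({"server": server, "target": target,
                             "request_bytes": in_bytes,
                             "response_bytes": out_bytes, "factor": factor})
    return sorted(findings, key=lambda f: f["response_bytes"], reverse=True)

if __name__ == "__main__":
    for f in reflector_report(SAMPLE_FLOWS):
        print(f)
```

The `min_factor` threshold is an illustrative value and should be tuned against normal cache traffic on the network being monitored.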
“While the internet community is coming together to shut down access to the many open memcached servers out there, the sheer number of servers running memcached openly will make this a lasting vulnerability that attackers will exploit,” said Carlos Morales, VP of sales, engineering and operations at Arbor Networks. “It is critically important for companies to take the necessary steps to protect themselves.” [source]
Analyst comment: Cyberattacks are getting more sophisticated, but there is still resistance in the private sector to investing in the required security infrastructure, for some reason. It will take a large-scale attack that causes widespread damage (costing billions of dollars) before most companies take the hint that cyber is here to stay and will only become an even larger threat once AI systems go online.