Kill Switch Can Mitigate Massive DDoS Attacks Via Memcached Servers

March 8th, 2018, by Waqas (Cyber Attacks, Security)

Recently we informed our readers about how attackers are abusing misconfigured Memcached servers to launch massive DDoS attacks. According to not one or two but three security firms, massive Memcached reflection distributed denial of service (DDoS) attacks are being launched with an unprecedented amplification factor of 50,000, the largest in the history of DDoS attacks.

The problem worsened after someone released proof-of-concept (PoC) exploit code for amplifying the attack, which has made it even easier for cybercriminals to launch large-scale attacks. GitHub was among the first targets, while an unknown American firm suffered the world’s largest DDoS attack at 1.7 Tbps.

Now, Corero Network Security has discovered that a Kill Switch can help organizations secure their websites and prevent the threat of massive DDoS attacks launched by exploiting vulnerable Memcached servers. According to researchers, the vulnerability (classified as CVE-2018-1000115) that leads to the exploitation of Memcached servers is much more extensive and dangerous than is currently assumed.

Memcached is an open-source memory caching server that can boost responsiveness of database-driven websites by storing data in RAM, which leads to acceleration of access times. It stores a variety of data such as emails, API data, website customer data, Hadoop information and confidential database records.

Because it wasn’t designed to be accessed over the internet, users don’t need to authenticate with a login and password, so attackers are able to create fake requests that amplify DDoS attacks at least 50,000 times.

According to researchers at Corero, any exposed Memcached server can be used to launch a DDoS attack and can also be tricked into revealing the user data it has cached from the local host or network. Since Memcached servers don’t need authentication, anything the server stores is accessible, and attackers can easily steal, modify and reinsert altered data in the cache.

The Kill Switch

However, the Kill Switch sends a command back to the attacking server to suppress the DDoS exploitation, because it invalidates the vulnerable server’s cache, including the malicious payload. Corero researchers have already tested it to be 100% effective on live attacking servers.

Given that there are still over 12,000 exposed Memcached servers that can be accessed, it is indeed good news that Corero researchers are able to send commands back to the attacking servers. This is done by sending simple commands like “shutdown\r\n” or “flush_all\r\n” in a loop to prevent amplification; the flush_all command flushes the entire content of the cache, including the keys and their values.

According to THN, security researcher Amir Khashayar Mohammadi has developed and released a basic DDoS mitigation tool titled Memfixed. The tool is written in Python and sends commands to flush or shut down the vulnerable Memcached servers.

RELEASE: Memfixed-DDoS-Mitigation tool

Thanks to @dormando for the memcached “killswitch”;

Memfixed is a tool that mitigates the attacks using Shodan to efficiently shut down and flush vulnerable memcached servers:

Author: @037 https://t.co/vTf5AWwHdt pic.twitter.com/SfIpmdmr7U

— spuz.me (@SpuzNiq) March 8, 2018

Memfixed automatically obtains a list of exposed and vulnerable Memcached servers using the Shodan API, after which it issues flush/shutdown commands. However, server administrators are urged to install the most recent version, Memcached 1.5.6, which disables the UDP protocol by default and prevents reflection or amplification of DDoS attacks.
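For administrators checking their own instances against the advice above, the following is an added example (not code from the article, Corero or Memfixed) that audits the text returned by memcached's `stats` and `stats settings` commands. The sample output is constructed, and the stat names `version`, `udpport` and `inter` are assumed to match what your memcached build reports.

```python
import ipaddress

# Constructed sample: merged "stats" / "stats settings" output from a
# hypothetical memcached 1.5.5 instance started with default options.
SAMPLE_STATS = """\
STAT version 1.5.5
STAT tcpport 11211
STAT udpport 11211
STAT inter NULL
END
"""
FIXED_VERSION = (1, 5, 6)  # release the article says disables UDP by default


def parse_stats(text):
    """Turn 'STAT <name> <value>' lines into a dict; END and blanks are skipped."""
    stats = {}
    for line in text.splitlines():
        parts = line.strip().split(" ", 2)
        if len(parts) == 3 and parts[0] == "STAT":
            stats[parts[1]] = parts[2]
    return stats


def is_loopback_only(inter):
    """True only if every listen address parses as loopback (NULL = all interfaces)."""
    try:
        return all(ipaddress.ip_address(a.strip()).is_loopback
                   for a in inter.split(","))
    except ValueError:  # NULL, hostnames, host:port forms: treat as exposed
        return False


def audit(text):
    """Return the list of findings for one instance's stats output."""
    s = parse_stats(text)
    findings = []
    version = tuple(int(p) for p in s.get("version", "0").split(".")[:3] if p.isdigit())
    if version < FIXED_VERSION:
        findings.append("version older than 1.5.6")
    udp_on = s.get("udpport", "0") != "0"
    if udp_on:
        findings.append("UDP listener enabled")
    if udp_on and not is_loopback_only(s.get("inter", "NULL")):
        findings.append("UDP reachable beyond loopback")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_STATS):
        print("FINDING:", finding)
```

An empty result means the instance runs 1.5.6 or later with UDP off; a UDP listener bound only to loopback is still reported so it can be disabled deliberately.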

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism
