Memcached DDoS Attack PoC Code & 17,000 IP addresses Posted Online

March 7th, 2018 | Waqas | Security, Leaks

For the last few days, hackers have been using vulnerable Memcached servers to conduct DDoS attacks, including the massive attack on the GitHub website and the world’s largest ever DDoS attack, at 1.7 Tbps, on a US firm.

Until now, it was unclear to the masses how hackers were exploiting the vulnerability in Memcached servers, but now a set of three proof-of-concept codes along with 17,000 IP addresses (vulnerable servers) has been published online for public access, which is a jackpot for attackers. This means anyone with knowledge of scripts and coding can carry out large-scale DDoS attacks.

The first two codes were published on March 5th, 2017. The first code is written in C and uses the list of 17,000 vulnerable Memcached servers to conduct DDoS attacks, while the second DDoS tool is written in Python, and the person behind this tool goes by the handle @37 on Twitter. The tool uses the Shodan search engine to generate a unique list of vulnerable Memcached servers to which it sends forged UDP packets.

The third code was published on March 3rd on Twitter by a user going by the online handle @the_ens.

The vulnerability in Memcached servers exists because the implementation of the servers’ UDP protocol is flawed, and anyone can launch a major Distributed Denial of Service (DDoS) attack without much ado.

This means cybercriminals have managed to add a brand new and extremely effective technique to their already loaded cyber-weaponry, one that can amplify DDoS attacks by as much as 51,200x by exploiting misconfigured Memcached servers, which are easily accessible over the public internet.

Memcached servers are large web-based memory caches used to boost the responsiveness of database-driven websites by improving their memory caching. These servers cache the most frequently retrieved data and keep it in memory instead of retrieving it from the hard disk again and again. Memcached servers are a combination of open-source software and standard server hardware, and simply contain huge reserves of memory.

The researchers call it an amplification attack which was also explained by Cloudflare last week in their blog post. “Over the last couple of days, we’ve seen a big increase in an obscure amplification attack vector — using the Memcached protocol, coming from UDP port 11211. Unfortunately, there are many Memcached deployments worldwide which have been deployed using the default insecure configuration.”

Moreover, if attackers manage to prepare the amplification attack well, they can launch an attack with the lowest possible IP spoofing capacity. Spoofing of IP addresses allows Memcached’s responses to be directed at another address, such as the ones used to serve GitHub.com, and sends more data toward the target than the unspoofed source needs to send.

Currently, there are an estimated 88,000 misconfigured Memcached servers at risk of being abused, and the majority of these servers are located in Europe and North America. If they are identified and exploited by malicious elements, we may witness a situation where large-scale DDoS attacks become a trend.

However, the worse news for victims is that attackers are also using Memcached servers to launch DDoS attacks with Monero (XMR) cryptocurrency ransom notes in the traffic itself. A couple of days ago, Akamai researchers noted ransom notes demanding 50 XMR from victims in order to stop the attacks. At the time of publishing this article, 50 XMR is about $17,000.

Researchers advise Memcached server users to disable the UDP port and increase their security by using firewalls.
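
The advice above can be checked on your own servers before a firewall rule is ever needed. The following is an added example, not code from the article or from the Memcached project: a small Python audit of `memcached.conf`-style option text that flags a UDP listener left enabled and a listener bound beyond loopback. The sample configurations are constructed, and `udp_on_by_default` is an assumption to set per deployment (Memcached 1.5.6 changed the default to UDP off).

```python
import ipaddress
import shlex

# Real memcached options: -U/--udp-port (0 disables UDP), -l/--listen (bind address).
FLAGS = {"-U": "udp", "--udp-port": "udp", "-l": "listen", "--listen": "listen"}

def parse_options(conf_text):
    """Extract the UDP-port and listen-address options from memcached.conf-style text."""
    opts = {}
    for raw in conf_text.splitlines():
        tokens = shlex.split(raw.split("#", 1)[0])      # drop comments, split like a shell
        i = 0
        while i < len(tokens):
            name, eq, value = tokens[i].partition("=")
            if name in FLAGS and eq:                       # --udp-port=0
                opts[FLAGS[name]] = value
            elif name in FLAGS and i + 1 < len(tokens):    # -U 0
                opts[FLAGS[name]] = tokens[i + 1]
                i += 1
            elif name[:2] in ("-U", "-l") and len(name) > 2:   # -U0
                opts[FLAGS[name[:2]]] = name[2:]
            i += 1
    return opts

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"

def audit(conf_text, udp_on_by_default=True):
    """Return findings; an empty list means UDP is off and only loopback is bound.

    udp_on_by_default=True models builds where UDP listens unless -U 0 is given
    (an assumption; set it to False for builds that ship with UDP disabled).
    """
    opts = parse_options(conf_text)
    findings = []
    udp = opts.get("udp")
    if (udp is None and udp_on_by_default) or (udp is not None and udp != "0"):
        findings.append("udp-enabled")
    listen = opts.get("listen")     # no -l at all means every interface is bound
    if listen is None or not all(is_loopback(a.strip()) for a in listen.split(",")):
        findings.append("non-loopback-listener")
    return findings

# Constructed sample configurations: the weak setting beside the corrected one.
WEAK = "-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0  # UDP off\n"
```

A server that must be reachable from other hosts will still report `non-loopback-listener`; in that case the firewall should restrict port 11211 to the application servers that need it.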

Note: If you are running a business, do not forget to calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.
