DDoS threat actors have started to exploit a known problem with unsecured Memcache servers to launch some hugely powerful attacks
Multiple DDoS mitigation vendors have this week warned of spikes in reflection attacks by threat actors exploiting insecure, Internet-facing, memcached servers. The size of these attacks has been described as huge, massive and in one case insanely large. The high-bandwidth attacks have regularly exceeded 100Gbps in size, and have peaked nearer 500Gbps. Vulnerable memcached servers are internet-facing; the default configuration exposes the UDP port (11211) to external connections. A search of the Shodan engine, which looks for Internet-connected devices, shows there are around 90,000 such memcached servers currently exposed to the potential of attack.
Ashley Stephenson, CEO at Corero Network Security, told SC Media that “memcached is vulnerable to UDP exploits due to an unnecessarily permissive wide-open default access policy allowing it to serve all requesters without prejudice.”