Tools to launch massive DDoS attacks like the one suffered by GitHub have been published online, this is just the beginning
There is a new upward trend when launching DDoS attacks that are becoming increasingly dangerous. The method used has been responsible for that GitHub was hit with the largest DDoS in history (1.35 Tpbs) and that just a few days after the record was broken with a new massive attack of 1.7 Tbps.
And now two completely unique utilities that allow launching this kind of attacks have been published online and are available to everyone. The published code of these two proofs of concept serves to execute DDoS attacks with massive traffic.
This huge amount of traffic is achieved thanks to thousands of vulnerable memcached servers that allow to amplify the magnitude of the DDoS attacksby a factor of more than 50,000, even when the attacker has little bandwidth.
Thousands of servers exposed to boost DDoS attacks whose owners do nothing
Mencached servers are distributed cache systems that are used to optimize websites that depend on external databases, as well known and common as YouTube or Facebook. The problem is that there are thousands of these servers that do not have security protections and who are exposed . This allows attackers to use their IP to amplify DDoS attacks.
The two published online utilities not only allow to launch a DDoS against the desired objective in just a few seconds after executing the tool, but they already come with a list of more than 17,000 IP addresses of vulnerable memcached servers .
For security experts the publication of these tools is not a surprise, and we had already explained why this type of attack could be repeated . The reality is that the only way to solve this problem depends on the owners of the memcached servers doing something to protect them.
Other experts believe that as soon as next week we will be seeing offers of “DDoS attacks as a service” being offered by cybercriminals thanks to the rage of the methodology. This seems to be just the beginning of this new security nightmare.