Last week's record-breaking 1.35Tbps DDoS attack on GitHub was dethroned by a 1.7Tbps attack directed toward a U.S. based service provider, according to a NETSCOUT Arbor report released Monday. However, no outages were reported by the targeted service provider.
The most recent attack leveraged "the same memcached reflection/amplification attack vector that made up the GitHub attack," according to the report. Memcaching is used for "speeding up dynamic web applications by alleviating database load," according to Memcached. Hackers can exploit the servers by "spoofing a target's IP address to the default UDP port" to return a much higher response rate on the target, reports ZDNet.
- Researchers believe these attacks are also coupled with a ransom demand, reports Ars Technica. Malicious actors leveraging the open servers are inputting "Pay 50 XMR" with an address to a wallet. The phrase is repeated continuously to try and exhaust available network bandwidth. GitHub's attack featured the same technique with the same wallet address.
There's a newer and more severe form of DDos attacks emerging, but there are still hiccups in the hacker's actions.
For example, because the address for the wallet is repeated among attacks, the hacker has lost the ability to properly track who has paid for a ransom and who has not, according to Ars Technica. Without automated tracking, the hacker cannot prevent another attack on a victim who already paid the ransom.
And as was seen in Nyetya, often called NotPetya, ransom demands are sometimes used as red herrings to draw attention away from more crippling impacts of a cyberattack.
However, regardless of flaws, hackers are still maturing their techniques and taking advantage of negligent practices. Hackers are leveraging open servers to their advantage, making security experts scramble to shut down memcached servers that are open to the internet.
But due to the existing high volume of open memcached servers, thwarting this level of attack will be all the more difficult, according to NETSCOUT Arbor.