DDoS attack storm: Memcached becomes a new attack vector

In the past week, Memcached reflection attacks have set off a storm of DDoS attacks. Various industries have been attacked many times, and the attack against Akamai customers reached a record-breaking 1.3 Tbps. Akamai has observed that this ransom attack uses the Memcached payload.

Blackmail and DDoS

Extortion is no stranger to the DDoS world, and the ways attackers use it have always been interesting. Early extortionists such as DD4BC sent malicious emails containing attack and payment information, dates and deadlines, accompanied by small attacks and the threat that, if the victims did not cooperate, larger attacks and a higher ransom demand would follow to force them to submit. Subsequently, a swarm of copycat groups appeared that cast their threats widely and indiscriminately, hoping to hook victims into paying to guard against attacks that did not exist. These copycats usually don't change the payment or other details; they just send the same threat email to several big companies. Although those emails are empty threats, the senders still hope to use the company's fear to quickly defraud it of real money.

Blackmail and Memcached

Memcached is the newcomer to the DDoS world and has become the new darling of attackers, who frequently use it to launch attacks of all sizes against all kinds of industries. As with most threatening attacks, it did not take attackers long to find a way to turn the threat into a business opportunity.

Memcached DDoS packet with payment request information

These attack payloads were captured during live attacks against multiple customers on the Akamai Prolexic Routed platform. If you look closely, you can see what is obviously an extortion attempt buried in the attack stream. The attacker insisted that the victim pay 50 Monero (XMR) ($16,000) to the wallet address explicitly provided in the email. This seems to be consistent with a similar strategy used in ransom emails. Both cast a wide net in the hope that some victim will pay the ransom.

Attack method and reason

In a Memcached attack, the attacker can place the payload on the Memcached server they plan to use as a reflector. Most of the data sent by the attacker is meaningless junk, but we can also see that the attacker has actually loaded the ransom amount and the wallet address into it, hoping that a desperate victim will pay the money.
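A defender reviewing a capture can check reflected Memcached traffic for such an embedded demand. The following is an added example, not code from Akamai or the original article: it reassembles multi-datagram Memcached UDP responses by their frame header and searches the stored value for an amount followed by the XMR ticker. The demand pattern, the function names and the sample packets (documentation addresses, placeholder wallet) are assumptions constructed for illustration.

```python
import re
import struct
from collections import defaultdict

MEMCACHED_PORT = 11211
# Memcached UDP frame header: request id, sequence number, total datagrams,
# reserved (four 16-bit big-endian fields) precede every response datagram.
FRAME = struct.Struct("!HHHH")
# Assumed demand shape: an amount followed by the XMR ticker.
DEMAND = re.compile(rb"\d+[\s_]*XMR", re.IGNORECASE)


def reassemble(packets):
    """Join reflected datagrams per (source IP, request id) in sequence order.

    packets: iterable of (src_ip, src_port, udp_payload) taken from a capture.
    """
    parts = defaultdict(dict)
    for src_ip, src_port, payload in packets:
        if src_port != MEMCACHED_PORT or len(payload) < FRAME.size:
            continue  # not a Memcached UDP response
        req_id, seq, _total, _reserved = FRAME.unpack_from(payload)
        parts[(src_ip, req_id)][seq] = payload[FRAME.size:]
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in parts.items()}


def find_demands(packets):
    """Return {(src_ip, request id): distinct demand strings found}."""
    hits = {}
    for key, body in reassemble(packets).items():
        found = sorted({m.group(0).decode("ascii") for m in DEMAND.finditer(body)})
        if found:
            hits[key] = found
    return hits


# Constructed sample (documentation addresses, placeholder wallet): the demand
# straddles two out-of-order datagrams; the other packets must not match.
DATA = b"A" * 30 + b"PAY_50_XMR_TO_<WALLET_PLACEHOLDER>"
VALUE = b"VALUE k 0 %d\r\n" % len(DATA) + DATA + b"\r\nEND\r\n"
SAMPLE = [
    ("192.0.2.10", 11211, FRAME.pack(7, 1, 2, 0) + VALUE[50:]),
    ("192.0.2.10", 11211, FRAME.pack(7, 0, 2, 0) + VALUE[:50]),
    ("192.0.2.11", 11211, FRAME.pack(9, 0, 1, 0) + b"VALUE k 0 8\r\nBBBBBBBB\r\nEND\r\n"),
    ("192.0.2.12", 53, b"\x00" * 8 + b"50 XMR"),
]

if __name__ == "__main__":
    for (src, req), demands in find_demands(SAMPLE).items():
        print(src, req, demands)
```

Matching on the reassembled value rather than on single datagrams matters because a large cached item is split across many UDP frames, so the demand text can straddle a datagram boundary.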

Don't pay ransom, please buy more bandwidth

Attackers or groups using this technique use the same attack method, the same amount and the same wallet address to extort multiple victims across multiple industries. Currently, there is no indication that they are actively tracking the targets' responses to the attacks, and the payment notice carries no contact information and no detailed instructions. We even suspect that if a victim deposited the required amount into the wallet address specified by the extortionist, the latter might not even know which victim had paid, let alone stop the attack. Even if they can determine who paid the money, we don't think they will stop attacking the victim because there is no attack at all.

Background

In this GitHub attack, Akamai leveraged Prolexic's common DDoS defense infrastructure for effective defense, and recently implemented specific defenses against a class of DDoS attacks originating from Memcached servers.

Akamai's Prolexic provides full protection against all types of DDoS attacks and high-bandwidth, sustained web attacks, protecting data center infrastructure and blocking malicious traffic in the cloud before DDoS attacks reach your applications and infrastructure.

About Akamai

Akamai is the world's largest and most trusted cloud delivery platform, making it easier for customers to deliver the best and most secure digital experience, anytime, anywhere, on any device. With more than 200,000 servers deployed in more than 130 countries, Akamai's widely distributed platforms are unmatched in scale, helping customers achieve superior performance and protection against cyber threats. Outstanding customer service and 24/7 monitoring guarantee Akamai's web and mobile performance portfolio as well as cloud security, enterprise access and video delivery solutions.
