According to a recent Akamai report, the strongest attacks in history have taken place this year. The biggest attack generated by cybercriminals reached 1.3 Tbps. It doubled the previous record of 2016, when the IoT botnet called Mirai thing was harvesting its crop. The new DDoS attack method uses the Memcached system that enables attackers to multiply the data used to attack up to 500,000 times.
DDoS attacks are one of the most popular tools used by organized cybercriminal groups. A cheap, fast and difficult to track overload of the company's system is the ideal method for extorting a ransom from an entrepreneur who can be seriously harmed by such attack. Although the tools used so far are effective, cybercriminals are looking for new ways to paralyze companies. What's more, they are about to begin a new - as may be concluded from the latest Akamai report, one of the leading companies in the world dealing in data storage.
Attention! DDoS is growing in strength
In 2018, the main tool for cybercriminals to carry out DDoS attacks on an unprecedented scale were servers with the Memcached system. Its task is to relieve database servers by dumping data into RAM. The UDP protocol that supports Memcached has a hole that attackers use to generate massive DDoS attacks, specifically, to multiply the attack volume by 500,000 times. Akamai reports that in the first weeks of 2018, incident organizers have conducted at least 19 major Memcached reflection DDoS attacks on companies in Europe, Asia and the Americas.
The method using a reinforced reflection is very clever - for example, sending a query with a size of only 210 bytes gives a response in the form of a data packet of over 100 megabytes. In this way, the attackers are able to quickly and easily paralyze their victims' services in order to get money or use them as a kind of smokescreen. DDoS attacks are also used to divert attention from other types of incidents, leading to serious financial losses and loss of good reputation.
The threat is so serious and real for many companies that, according to analysts, there are currently over 90,000 Memcached servers in the network, more than half of which are able to serve cybercriminals as a platform for DDoS attacks.
How to defend yourself?
Akamai analysts have warned that DDoS attacks using the vulnerabilities in Memcached servers will be more and more frequent. Thanks to this method, attackers do not need to buy the appropriate malware in the darknet (on the online black market), i.e. to infect and control bots. As a result, such attacks can be carried out even without too much knowledge of methods and techniques.
"For companies to be able to protect themselves against DDoS attacks, a classic firewall is not enough. First of all, enterprises often have problems with distinguishing the attack from ordinary traffic, e.g. on corporate websites. Appropriate security systems must first of all be able to recognize the attack and neutralize it in time at the infrastructure level of the telecommunications operator which is able to receive and filter out potentially dangerous traffic. In the face of increasing threats, an efficient and fully automated solution is needed to minimize downtime and losses thanks to immediate response," comments Adam Dzielnicki from Atman.
Attack for next to nothing
DDoS attacks are the scourge of modern enterprises and there is no indication that cybercriminals will quickly give up on them. Companies should not wonder if the attack will hit, but when. The increase in the number of volumetric attacks is also influenced by their cost. According to Armor, an American company specializing in cloud computing security, the average price of a DDoS attack is $ 10 per hour, $ 200 for a full day, and the cost for a whole week is around $ 500-1200.