After a brief hiatus, attackers have returned with a series of new DDoS attacks, and this time they have introduced a new technique that is much more devastating than before.
According to the findings of IT security firm Akamai, attackers are now launching record-breaking DDoS attacks using a new method where victims are required to pay ransom in order to prevent cyber attacks. The difference is that this time around attackers have managed to embed ransom notes in the traffic itself.
A number of distributed denial-of-service (DDoS) attacks were launched over the past week against a wide range of targets. The targeted servers were overloaded with fake traffic and the websites were taken offline, with attackers using Memcached servers, which improve the performance of certain websites, to intensify the strength of the attack.
One such massive attack (the world’s largest DDoS attack ever) was thwarted by code-sharing platform GitHub on Wednesday with the help of Akamai. At roughly 1.35 terabytes per second of data, this attack is believed to be the biggest recorded so far. While helping GitHub fend off the attack, Akamai security researchers noticed that hackers are now stuffing the traffic with ransom notes.
It is not uncommon for DDoS attacks to be launched with the objective of extorting cryptocurrency from targets, but now the attackers are issuing their demands within the inbound traffic flow. As per Akamai, there are over 50,000 exposed Memcached systems that can be exploited to launch massive DDoS attacks.
In its blog post, Akamai noted: “This attack was the largest attack seen to date by Akamai, more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of Memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.”
It is worth noting that on February 28th the Russia-based DDoS mitigation firm Qrator also published a warning about the possible threat of huge DDoS attacks using Memcached servers. Qrator stated that the possibility of launching high-value DDoS attacks was initially identified by a China-based team of security researchers at the 0Kee Team cybersecurity firm, while the concept of launching attacks through the exploitation of Memcached servers was introduced in a talk at the 2014 Black Hat U.S. security conference entitled “Memcached injections.”
KrebsOnSecurity’s Brian Krebs noted in his blog post that on Thursday the Boston-based cyber-security firm Cybereason revealed that it had been closely tracking Memcached attacks and that attackers are embedding a brief ransom note and payment address into the junk traffic that is being sent to Memcached services.
As per Akamai’s findings, a note requesting payment in cryptocurrency was discovered in a flood of DDoS attack data. Attackers asked for payment of 50 XMR (Monero), equivalent to $16,000; a digital wallet address was also included in the note. The note read: “Pay_50_XMR_To…,”.
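
A defender-side sketch of spotting such notes in reflected Memcached traffic (an added example, not code from Akamai, Cybereason or this article). It assumes the reflected responses arrive over UDP from Memcached's default port 11211 with the protocol's 8-byte UDP frame header, and it matches only the note prefix quoted above; the sample packets, IP addresses and wallet placeholder are constructed.

```python
import re
import struct
from collections import Counter

MEMCACHED_PORT = 11211  # default Memcached port; reflected traffic arrives *from* it
# Memcached UDP frame header: request id, sequence number, datagram count, reserved
UDP_FRAME_HEADER = struct.Struct("!HHHH")
# Matches only the prefix quoted in the article; what follows "To" is elided there.
NOTE_RE = re.compile(rb"Pay_(\d+)_([A-Z]{2,5})_To")

def extract_notes(src_port, datagram):
    """Return [(amount, currency), ...] found in one reflected Memcached datagram."""
    if src_port != MEMCACHED_PORT or len(datagram) <= UDP_FRAME_HEADER.size:
        return []
    body = datagram[UDP_FRAME_HEADER.size:]  # skip the frame header, scan the value
    return [(int(amount), cur.decode()) for amount, cur in NOTE_RE.findall(body)]

def summarize(packets):
    """Aggregate demands over (src_ip, src_port, datagram) tuples from a capture."""
    demands, reflectors = Counter(), set()
    for src_ip, src_port, datagram in packets:
        notes = extract_notes(src_port, datagram)
        if notes:
            reflectors.add(src_ip)   # reflector that relayed a ransom note
            demands.update(notes)    # how often each demand was repeated
    return {"reflectors": sorted(reflectors), "demands": dict(demands)}

def _frame(seq, total, body):
    """Build a constructed datagram: UDP frame header followed by response bytes."""
    return UDP_FRAME_HEADER.pack(0x1234, seq, total, 0) + body

# Constructed sample: documentation-range IPs, placeholder wallet, not real traffic.
NOTE = b"Pay_50_XMR_To_PLACEHOLDER_WALLET_ADDRESS "
SAMPLE = [
    ("192.0.2.10", 11211, _frame(0, 2, b"VALUE k 0 205\r\n" + NOTE * 3)),
    ("192.0.2.10", 11211, _frame(1, 2, NOTE * 2 + b"\r\nEND\r\n")),
    ("198.51.100.7", 11211, _frame(0, 1, b"VALUE k 0 5\r\nhello\r\nEND\r\n")),
    ("203.0.113.5", 53, _frame(0, 1, NOTE)),  # not Memcached: ignored
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
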