Historical record of DDoS attacks.
Only two weeks ago, GitHub suffered the biggest DDoS attack in history (1.35 terabytes per second).
Preventive security measures were key to neutralizing the threat and re-establishing the service in less than 10 minutes.
The attack was based on misconfigured Memcached services. In other words, the attacker sends requests of very few bytes, with the victim’s IP address forged as the source, to UDP port 11211 of the servers affected by this misconfiguration. The service's response, which is delivered to the victim, is 52,000 times bigger, and the result is a denial of service once the victim can no longer process the incoming traffic.
This event is just a forecast of how much the use of Memcached for DDoS is going to increase.
The increase in the number of attacks is a huge concern for the business sector.
After so many recent news reports in different media about cyberattacks, and the exponential increase of one type in particular, DDoS (Distributed Denial of Service), many organizations have started to look for information about these attacks and how they can affect them. We will try to answer these concerns as briefly as possible.
What is a DDoS attack?
Imagine you are driving home on an intercity road and an attacker suddenly diverts onto it all the traffic from nearby roads, highways and motorways. If your road has to handle all this traffic, it will eventually collapse and stop being accessible to those who need to get to a shop, home or work.
In conclusion, the attacker “floods” the network with information in order to collapse it. By diverting the traffic, they manage to stop everybody from accessing the system’s resources.
How can it affect your business?
Denial-of-service attacks are becoming more frequent every day, both in large organizations and in SMEs. The goal of these attackers is to collapse the network so that users cannot use it. As a result, the organization loses revenue, depending on how long the interruption lasts and on the sales volume generated by the affected applications. However, it does not only affect sales: it can also damage the brand’s image.
The main targets are organizations that count on:
- E-Commerce services.
- Online services acquisition.
- Mobile Apps for orders, invoice check and technical support.
How can organizations mitigate a DDoS attack?
As experts in cybersecurity, at R3 CyberSecurity we recommend that system administrators take these first steps:
- Blocking UDP port 11211 (used by default in Memcached).
- Limiting or even blocking UDP access if it is not being used.
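One way to check a Linux host against the two steps above, as an added example that is not part of the original article: the function reads the output of `ss -H -lun` (listening UDP sockets) and flags every listener reachable from outside loopback, marking port 11211 for blocking. The sample output and the function names are constructed for illustration.

```python
import ipaddress

MEMCACHED_UDP_PORT = 11211  # Memcached's default UDP port, as named in the article

# Constructed sample of `ss -H -lun` output (assumed input format):
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
UNCONN 0 0 0.0.0.0:11211 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 192.0.2.10:123 0.0.0.0:*
UNCONN 0 0 [::1]:11211 [::]:*
UNCONN 0 0 [::]:5353 [::]:*
"""

def split_local(field):
    """Split a local 'addr:port' field (IPv4, [IPv6], '*', optional %iface)."""
    addr, _, port = field.rpartition(":")
    return addr.split("%")[0].strip("[]"), int(port)

def is_loopback(addr):
    """'*' means every interface, so it is never loopback-only."""
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def audit_udp_listeners(ss_output):
    """Return (action, address, port) for each UDP listener exposed off-host.

    'block'  -> Memcached's UDP port: close it at the firewall or turn the
                UDP listener off (memcached -U 0).
    'review' -> other UDP service: restrict or disable it if it is not needed.
    """
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue  # blank or truncated line
        try:
            addr, port = split_local(cols[3])
            exposed = not is_loopback(addr)
        except ValueError:
            continue  # not an addr:port field we understand
        if exposed:
            action = "block" if port == MEMCACHED_UDP_PORT else "review"
            findings.append((action, addr, port))
    return findings

if __name__ == "__main__":
    for finding in audit_udp_listeners(SAMPLE_SS_OUTPUT):
        print(*finding)
```

On a real host, pass the text captured from `ss -H -lun` instead of the sample; listeners bound only to `127.0.0.1` or `::1` are not reported.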
R3 CyberSecurity offers solutions like CyberShield360, which carries out a specific filtering process in the cloud on the traffic received by every customer, so that only the appropriate traffic is forwarded to their Data Processing Center.
Jordi Bonete César | Cyber Security Engineer at R3 CyberSecurity