comscore Biggest-ever 1.7Tbps DDoS attack leaves US service provider unscathed
News

Biggest-ever 1.7Tbps DDoS attack leaves US service provider unscathed

Github recorded what was believed to be the world’s most powerful DDoS attack. However, the latest record is that of 1 .7Tbps attack against a US service proivider.

  • Updated: March 8, 2018 7:13 PM IST
hacked

Security researchers recently discovered memcached, a database caching system for speeding up websites and networks that allowed malicious users to carry out attacks on systems by a factor of 51,000. So for instance, a single home computer with a 100 megabit/second upload capacity from its ISP is capable of targeting 5 terabits per second of traffic. Also Read - Downloaded WhatsApp Pink virus by mistake? Here's what you can do to fix your phone

Also Read - Mobile cyberattacks on Indian firms up by 854% in 2021: Report

It was earlier reported that memcached servers were abused to carry out 1.3Tbps DDoS attack on Github. The level of attack was thought to have topped previous records set in 2016, however, the vandals have been again discovered to have abused the servers for a 1.7Tbps attack using the newly documented memcached amplification method against an unnamed US service provider. Also Read - Android app offering free Netflix may steal your WhatsApp data

As Ars Technica reports, the record attacks were discovered by a separate DDoS mitigation service, Arbor Networks. The attack targeted an unnamed customer of a US-based service provider. Despite the record level of the attack, the customer and the ISP survived owing to the defense capabilities.

Vice president of global sales engineering and operations at Arbor, Carlos Morales, is quoted as saying, “It’s a testament to the defense capabilities that this service provider had in place to defend against an attack of this nature that no outages were reported because of this.”

In addition to disrupting the services, some of the memcached-based DDoS attacks are accompanied by a ransom demand. Researchers indicate the ransom demand could be possibly to stop the data flood. Some of the attackers were misusing the systems for DDoS attacks with words including ‘Pay 50 XMR’ and details to a wallet. With the current value of the digital currency Monero, 50 XMR translates to about $18,415. The 1.3Tbps attack on Github also included similar ransom demand.

The report further explains that the new amplification technique is being enabled by flouting network service providers which permit forged UDP packets to traverse their networks and memcached servers which are exposed to the internet. It works by sending a query to an open memcached server. These queries are manipulated to make them appear as if they originated with the intended target of the DDoS.

Researchers indicate that there were about 93,000 memcached servers which improperly accepted input from anyone on the internet. A significant number of service providers are yet to adopt measures which prevent spoofed UDP traffic on their networks and shut down all publicly available memcached servers they hosted.

In response to the biggest DDoS attack, Chester Wisniewski, Senior Security Advisor at British security company Sophos said, “While DDoS attacks are just a normal part of the background radiation of the internet, these attacks are demonstrating once again how the risky behavior of a few system administrators can put the entire internet at risk of being disrupted. The systems being used in these amplification attacks should never have been exposed to the internet to start with. If we want to make these types of attacks harder to conduct, we need to hold system administrators and developers liable for their bad behavior.”

Wisniewski further said, “These attacks aren’t difficult to prevent, yet the carelessness of the few results in harm to the greater internet community.”

In light of the attacks, Srinivasan C R, Chief Digital Officer, Tata Communications said that these sophisticated DDoS attacks are now targeting multiple layers of the enterprise. He said, “The most common attacks target the application layer, servers and devices. The recent attacks in the US exploit the default configuration of publicly available memcached servers leaving systems vulnerable to attacks on an unprecedented scale. It is critical for enterprises to take steps to protect themselves as attackers continue to exploit this vulnerability while the global community works to secure the memcached servers.”

“The best way to protect businesses is to stop these attacks in their tracks before they get a chance to debilitate networks. Scrubbing ensures that the network layers act as the first line of defence by monitoring and cleansing all incoming traffic in real-time. At Tata Communications security operations centres, engineers work hand-in-hand with our AI-enabled DDoS mitigation system to monitor attacks. Clean traffic is routed into the network, whereas any suspicious traffic is routed back to the source. It’s a system which ensures legitimate traffic always gets through, while malicious traffic is mitigated at the source rather than near the target network – so it does not choke bandwidth. Tata Communications has multiple scrubbing centres across the globe,” he said.

“Attacks of the size we ve seen recently require enterprises to work with global DDoS mitigation service providers with cloud-based capabilities. Tata Communications multi-layered DDoS protection solution uses cloud-based technology helping deliver real-time detection and mitigation, protecting critical assets like the data centre and using cloud signaling to raise the alarm during a volumetric attack. We also actively study changes in data traffic and data patterns to understand global usage trends. This helps us detect unusual activity and allows us to forecast attacks,” he further added.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: March 6, 2018 4:08 PM IST
  • Updated Date: March 8, 2018 7:13 PM IST



new arrivals in india

Infinix Note 10 Pro
Infinix Note 10 Pro

16,999

Infinix Note 10
Infinix Note 10

10,999

Vivo Y73
Vivo Y73

20,990

OnePlus Nord CE 5G
OnePlus Nord CE 5G

22,999

iQOO Z3
iQOO Z3

19,990

Realme C25s
Realme C25s

9,999

Poco M3 Pro 5G
Poco M3 Pro 5G

13,999

Realme X7 Max 5G
Realme X7 Max 5G

26,999

Oppo F19
Oppo F19

18,990

Motorola Moto G40 Fusion
Motorola Moto G40 Fusion

13,999

POCO M2 Reloaded
POCO M2 Reloaded

9,499

OPPO A74 5G
OPPO A74 5G

17,990

Oppo A53s 5G
Oppo A53s 5G

14,990

Vivo V21 5G
Vivo V21 5G

29,990

Realme C25
Realme C25

9,499

Realme C21
Realme C21

7,999

Realme C20
Realme C20

6,799

Motorola Moto G60
Motorola Moto G60

17,999

iQOO 7
iQOO 7

31,990

Samsung Galaxy M42 5G
Samsung Galaxy M42 5G

21,999

Xiaomi Mi 11 Ultra
Xiaomi Mi 11 Ultra

69,999

Xiaomi Mi 11X Pro 5G
Xiaomi Mi 11X Pro 5G

39,999

Xiaomi Mi 11X
Xiaomi Mi 11X

29,999

Realme 8 5G
Realme 8 5G

13,999

Samsung Galaxy F02s
Samsung Galaxy F02s

8,999

Samsung Galaxy F12
Samsung Galaxy F12

10,999

POCO X3 Pro
POCO X3 Pro

18,999

Realme 8 Pro
Realme 8 Pro

17,999

Realme 8
Realme 8

14,999

Vivo X60 Pro Plus
Vivo X60 Pro Plus

69,990

Vivo X60 Pro
Vivo X60 Pro

49,990

Vivo X60
Vivo X60

37,990

OnePlus 9 Pro 5G
OnePlus 9 Pro 5G

64,999

OnePlus 9R 5G
OnePlus 9R 5G

39,999

OnePlus 9 5G
OnePlus 9 5G

49,999

Samsung Galaxy A72
Samsung Galaxy A72

34,999

Samsung Galaxy A52
Samsung Galaxy A52

26,499

Micromax In 1
Micromax In 1

10,499

Asus ROG Phone 5
Asus ROG Phone 5

49,999

Samsung Galaxy M12
Samsung Galaxy M12

10,999

Motorola Moto G30
Motorola Moto G30

10,999

Motorola Moto G10 Power
Motorola Moto G10 Power

9,999

Oppo F19 Pro Plus 5G
Oppo F19 Pro Plus 5G

25,990

Oppo F19 Pro
Oppo F19 Pro

21,490

Xiaomi Redmi Note 10 Pro Max
Xiaomi Redmi Note 10 Pro Max

18,999

Xiaomi Redmi Note 10 Pro
Xiaomi Redmi Note 10 Pro

15,999

Xiaomi Redmi Note 10
Xiaomi Redmi Note 10

11,999

Realme Narzo 30A
Realme Narzo 30A

8,999

Realme Narzo 30 Pro
Realme Narzo 30 Pro

16,999

Infinix Smart 5
Infinix Smart 5

7,199

Samsung Galaxy F62
Samsung Galaxy F62

23,999

Samsung Galaxy A12
Samsung Galaxy A12

12,999

Nokia 5.4
Nokia 5.4

13,999

Nokia 3.4
Nokia 3.4

11,999

Realme X7 Pro 5G
Realme X7 Pro 5G

29,999

Realme X7
Realme X7

19,999

Vivo Y31
Vivo Y31

16,490

Oppo Reno5 Pro 5G
Oppo Reno5 Pro 5G

35,990

Samsung Galaxy S21 Ultra 5G
Samsung Galaxy S21 Ultra 5G

1,05,999

Samsung Galaxy S21 Plus 5G
Samsung Galaxy S21 Plus 5G

81,999

Samsung Galaxy S21 5G
Samsung Galaxy S21 5G

69,999

Vivo Y12s
Vivo Y12s

9,990

Vivo Y51A
Vivo Y51A

17,990

Samsung Galaxy M02s
Samsung Galaxy M02s

8,999

Xiaomi Mi 10i
Xiaomi Mi 10i

21,999

Oppo A15s
Oppo A15s

11,490

Tecno Spark 6 Go
Tecno Spark 6 Go

8,499

Vivo V20 2021
Vivo V20 2021

24,990

Vivo Y20A
Vivo Y20A

11,490

Xiaomi Redmi 9 Power
Xiaomi Redmi 9 Power

11,999

Motorola Moto G9 Power
Motorola Moto G9 Power

11,999

Motorola Moto G 5G
Motorola Moto G 5G

20,999

Vivo V20 Pro
Vivo V20 Pro

29,990

Xiaomi Mi 10T
Xiaomi Mi 10T

35,999

Xiaomi Redmi 9i
Xiaomi Redmi 9i

8,299

Xiaomi Mi 10T Pro
Xiaomi Mi 10T Pro

39,999

Infinix Hot 10
Infinix Hot 10

9,999

Vivo V20 SE
Vivo V20 SE

20,990

Vivo V20
Vivo V20

24,990

Micromax In 1b
Micromax In 1b

6,999

Micromax In Note 1
Micromax In Note 1

10,999

OnePlus 8T
OnePlus 8T

42,999

Samsung Galaxy F41
Samsung Galaxy F41

15,499

Apple iPhone 12 Pro Max
Apple iPhone 12 Pro Max

1,29,900

Apple iPhone 12 Pro
Apple iPhone 12 Pro

1,19,900

Apple iPhone 12 Mini
Apple iPhone 12 Mini

69,900

Apple iPhone 12
Apple iPhone 12

79,900

Poco X3
Poco X3

16,999

Realme Narzo 20A
Realme Narzo 20A

8,499

Realme Narzo 20
Realme Narzo 20

10,499

Realme Narzo 20 Pro
Realme Narzo 20 Pro

13,999

Oppo F17
Oppo F17

16,990

Samsung Galaxy M51
Samsung Galaxy M51

22,999

Poco M2
Poco M2

10,999

Oppo F17 Pro
Oppo F17 Pro

22,990

Realme 7 Pro
Realme 7 Pro

19,999

Realme 7
Realme 7

14,999

Best Sellers