Massive DDoS attacks are increasingly plaguing the internet, with the largest one ever recorded hitting GitHub last week. This attack has reached a peak of 1.35Tbps of incoming traffic and was made possible through the use of memcached servers, instead of the usual bots.
Memcached servers are designed to increase the speed of networks internally and should be kept protected from the internet. But, as reported by Akamai, a DDoS mitigation service, more than 50,000 of such servers are currently exposed to the internet and, therefore, vulnerable to attack. By exploiting those unsecured memcached servers, an attacker can massively amplify an attack and easily reach those alarming terabit levels of traffic.
To make matters worse, the tools used to launch such attacks were made public on GitHub this week, enabling anyone to perform the next record-setting terabit attack. The tools only require Python 3.x and a couple of modules installed in order to make use of a list of 17,000 IP addresses of unsecured memcached servers.
Of course, DDoS mitigation services are already aware of the issue. As reported by CyberScoop, Corero published countermeasures this Wednesday making available a kill switch that can neutralize any attack that makes use of that list of 17,000 IP addresses.