NZ pummelled by DDoS attacks during Memcached attack outbreaks

11 Apr 2018

New Zealand did not escape a massive increase in Distributed Denial of Service (DDoS) attacks that swept the world in February and March and Arbor Networks says the ‘Memcached’ vulnerabilities were to blame.

In March, New Zealand was hit by 4200 attacks, equating to 135.4 every day. In February, it was hit by 2700 attacks.

Arbor Networks’ ATLAS global internet monitoring system has visibility into a third of all internet traffic. It can identify the trends and threats happening daily, providing actionable intelligence about botnets, DDoS attacks and malware that threaten internet infrastructure and network availability.

It found that New Zealand is experiencing larger attacks, with some being 25 times larger than the average attack size compared to the same period last year.

The biggest attack against New Zealand was 62Gbps – a 19.3% increase on the previous record.

Between February and March, the attacks appeared to originate from the same four countries: the United States, China, the Netherlands – and even New Zealand itself.

In February, New Zealand accounted for 28.57% of attacks and in March, that number dropped slightly to 26.17%.

The largest attack against New Zealand in February reached 74 gigabits per second (Gbps), much higher than March’s 49.4Gbps peak.

“The fact that the attack size fell significantly between February and March from 74 to 49.4 Gbps is likely due to security teams mitigating any further Memcached server related threats,” a statement from Arbor says.

February’s largest packets per second (PPS) attack reached 16.6 MPPS. PPS is the throughput of an attack that targets firewalls, IPS and load balancers, Arbor says. In March, the figure rose to 26.2 MPPS.

Improperly configured Memcached servers accounted for two of the world’s biggest record-breaking DDoS attacks: one that hit GitHub (1.25Tbps) and another against a US service provider (1.7Tbps). The servers amplified the effects of the attacks.

Arbor Networks defines Memcached as an in-memory database caching system often deployed in IDC, cloud and Infrastructure-as-a-Service networks to improve performance of database-driven websites and other internet services.

Memcached should not be exposed to the public internet in most cases, but there are many deployments that leave the systems open and with the default insecure configuration.

The attacks use the misconfigured servers to launch high-volume UDP reflection-amplification attacks. Attackers do this by spoofing an IP address and sending thousands of requests to a server. That host server cannot handle the requests and the process often crashes the server itself.

In some cases, a request of just 15 bytes triggered a response of 750kB – an amplification of 51,000 times.
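For administrators checking their own servers for the open, default configuration described above, the following is an added example (not from the article or from Arbor Networks) that audits a Memcached options file. It assumes a Debian-style file with one option per line, Memcached's `-l` (listen address) and `-U` (UDP port, 0 disables) options, and that builds older than 1.5.6 enable UDP by default; the function names and sample files are constructed for illustration.

```python
import ipaddress
import shlex

ALIASES = {"-l": "listen", "--listen": "listen", "-U": "udp", "--udp-port": "udp"}

def parse_options(conf_text):
    """Collect the listen address and UDP port from memcached options."""
    opts = {"listen": None, "udp": None}
    tokens = shlex.split(conf_text, comments=True)  # drops "# ..." comments
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        flag, sep, value = tok.partition("=")
        if tok in ALIASES and i + 1 < len(tokens):      # "-U 0"
            opts[ALIASES[tok]] = tokens[i + 1]
            i += 1
        elif sep and flag in ALIASES:                   # "--udp-port=0"
            opts[ALIASES[flag]] = value
        elif tok[:2] in ("-l", "-U") and len(tok) > 2:  # "-U0"
            opts[ALIASES[tok[:2]]] = tok[2:]
        i += 1
    return opts

def is_loopback(addr):
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or host:port form: count as exposed, review by hand

def audit(conf_text, udp_on_by_default=True):
    """Return findings; udp_on_by_default=True models builds older than 1.5.6."""
    opts = parse_options(conf_text)
    udp, listen = opts["udp"], opts["listen"]
    udp_enabled = udp_on_by_default if udp is None else udp != "0"
    exposed = listen is None or not all(is_loopback(a) for a in listen.split(","))
    findings = []
    if udp_enabled:
        findings.append("UDP listener enabled: set '-U 0' unless UDP is required")
    if exposed:
        findings.append("not bound to loopback: set '-l 127.0.0.1' or firewall the port")
    if udp_enabled and exposed:
        findings.append("HIGH: UDP reachable from other hosts (reflection source)")
    return findings

# Constructed samples, not taken from the article.
DEFAULT_CONF = "# no -l, no -U\n-m 64\n-p 11211\n-u memcache\n"
HARDENED_CONF = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0\n"

if __name__ == "__main__":
    print(audit(DEFAULT_CONF), audit(HARDENED_CONF))
```

Pass `udp_on_by_default=False` when the installed build is 1.5.6 or later, where an absent `-U` means UDP is off.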
