Memcached DDoS War

Etai Hochman
At-Bay
Mar 24, 2018

At-Bay provides cyber insurance for the digital age. Learn more at at-bay.com.

After initial experiments the previous week, February 28th marked the opening shot of a new war — The Memcached DDoS war.

Attackers first exploited a vulnerability in Memcached, a distributed memory caching system, that amplified their attacks to achieve the most powerful attack recorded to that date: 1.35 Terabytes per second. This initial attack was a proof of concept that generated media coverage to ensure widespread knowledge of their capabilities. Since then they have refined the technique, reaching a maximum bandwidth of 1.7 Tbps, hitting thousands of websites, and asking for ransom.

The expected damage of a DDoS attack

The severity of any DDoS attack depends on the importance of the target web application. The following types of assets are extremely important to their owners and as a result are highly appealing targets for ransomware attackers:

  1. Revenue-generating web applications such as e-commerce, stores, donations, and payments
  2. High-traffic pages with ads
  3. Customer services and applications that usually require log-in to deliver value to customers

These DDoS attacks shut down web applications and are quickly followed by a ransom note asking for 50 XMR (the Monero coin).

Likelihood of DDoS attack

Since the beginning of March, we have seen thousands of attacks per day with no signs of slowing down. At this rate an attack is only a matter of time.

Impact on cyber insurance

DDoS attacks are not new and the end result for this type of attack is no different than other threats that lead to a denial of service and extortion.

These types of attacks are likely to lead to the following types of insurable damages:

  1. Extortion: cryptocurrency (XMR) payment demanded by the attacker
  2. Business interruption: lost revenue from the downtime of web applications
  3. Incident response: the costs of contractors to help respond to an incident

How to protect against attacks

Dealing with the magnitude of these attacks requires a dedicated DDoS protection solution and infrastructure. DDoS protection vendors like Imperva, Cloudflare, and Akamai are already protecting their customers from these threats.

If you are a developer, IT manager, security analyst, or a CFO and you believe your organization’s web applications are important, make sure they are protected.

Etai Hochman

At-Bay, CTO
