Weekly Threat Report - 9th March 2018
Reports are drawn from recent open source reporting; see the latest report here.
Largest reported DDoS attacks mitigated
The largest ever reported Distributed Denial of Service (DDoS) attack occurred in early March 2018, according to Netscout Arbor. A peak of 1.7 Terabits per second (Tbps) was recorded, although the attack was mitigated. This followed a recent attack against GitHub on 28 February, with a peak of 1.35 Tbps. The largest known attack previously took place in 2016 against the US DNS provider DYN, which peaked at 1.2 Tbps.
The method used for these attacks is known as a ‘memcached server DDoS’. Memcached servers hold in memory data that applications would otherwise need to fetch from external databases. Large companies often use memcached servers to speed up their services and to help cope with large demands on them. When memcached servers are openly accessible over the internet via User Datagram Protocol (UDP), they can be used to significantly amplify traffic.
The attackers ‘ping’ a server with a small packet of data in order that memcached servers reply with a response to the victim which is up to fifty thousand times the original packet size. If there are no mitigations such as filtering or management of networks, this could easily cause a service to go offline. Whilst the vectors were different in the 2016 DYN attack, the incident demonstrates the potential ramifications if other services are dependent on the targeted service; for more information, see the NCSC Weekly Threat Report 24 October 2016.
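The reflection pattern described above is visible in network flow records as UDP traffic whose source port is memcached's default port, 11211. The following Python is an added example, not part of the original report: it flags hosts on your network receiving such traffic from several sources, and your own hosts answering memcached over UDP to outside addresses. The flow records, the 203.0.113.0/24 "own network", the tuple layout and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

MEMCACHED_PORT = 11211  # memcached's default port (known default, not stated in the report)

# Constructed sample flow records using documentation address ranges, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, protocol, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.10", 11211, "203.0.113.5", 40001, "udp", 1_400_000),
    ("198.51.100.11", 11211, "203.0.113.5", 40002, "udp", 1_350_000),
    ("198.51.100.12", 11211, "203.0.113.5", 40003, "udp", 1_420_000),
    ("198.51.100.10", 53, "203.0.113.5", 40004, "udp", 512),        # ordinary DNS reply
    ("198.51.100.20", 11211, "203.0.113.9", 40005, "tcp", 90_000),  # TCP, not the UDP pattern
    ("203.0.113.7", 11211, "192.0.2.44", 51000, "udp", 2_000_000),  # own server replying outward
]

def analyse(flows, own_net="203.0.113.0/24", min_bytes=1_000_000, min_reflectors=2):
    """Return (victims, exposed).

    victims: {own_ip: (total_bytes, distinct_sources)} for inbound UDP/11211 floods.
    exposed: sorted list of own hosts sending UDP from port 11211 to outside addresses.
    """
    net = ip_network(own_net)
    inbound = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    exposed = set()
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp" or sport != MEMCACHED_PORT:
            continue
        src_in, dst_in = ip_address(src) in net, ip_address(dst) in net
        if src_in and not dst_in:
            exposed.add(src)  # candidate for disabling UDP or filtering at the edge
        elif dst_in and not src_in:
            inbound[dst]["bytes"] += nbytes
            inbound[dst]["reflectors"].add(src)
    victims = {ip: (v["bytes"], len(v["reflectors"])) for ip, v in inbound.items()
               if v["bytes"] >= min_bytes and len(v["reflectors"]) >= min_reflectors}
    return victims, sorted(exposed)

if __name__ == "__main__":
    victims, exposed = analyse(SAMPLE_FLOWS)
    for ip, (nbytes, count) in victims.items():
        print(f"possible reflection flood: {ip} got {nbytes} bytes from {count} UDP/11211 sources")
    for ip in exposed:
        print(f"own host answering memcached over UDP to the internet: {ip}")
```

Hosts reported in `exposed` are the ones to restrict first, since the report identifies memcached servers openly reachable over UDP as what makes the amplification possible.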
In the attack against GitHub, there has since been reporting of a ransom demand included in the data payload, asking for a payment of 50 Monero (worth approx. $15 000). There are also suspicions among various mitigation service providers that this method of amplification has now been adopted by DDoS-as-a-Service providers.
These latest DDoS attacks were mitigated, but further attacks may occur. The NCSC has previously provided DDoS advice regarding understanding the threat of attacks and also response and recovery planning. There is also a detailed catalogue of NCSC DDoS guidance.