At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September, 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.
Nominum, a part of Akamai, recently partnered with Telecoms.com to survey over 1,500 telecom professionals to get a sense of their concerns, initiatives and expectations for 2018. The findings are captured in the report Telecoms.com Annual Industry Survey 2017.
Remember those commercials for excessive cell phone roaming coverage? The ones with clever skits highlighting the end user having no idea that their phone had crossed an invisible border and switched from primary to roaming coverage? Immediately incurring increased costs for calling, texting and data usage that only become visible when you receive your monthly bill?
Akamai is aware of a new DDoS reflection attack vector: UDP-based memcached traffic. Memcached is a tool meant to cache data and reduce strain on heavier data stores, like disk or databases. The protocol allows the server to be queried for information about key value stores and is only intended to be used on systems that are not exposed to the Internet. There is no authentication required with memcached. When this is added to the ability to spoof IP addresses of UDP traffic, the protocol can be easily abused as a reflector when it is exposed to the Internet. Akamai has seen multiple attacks, some in excess of 190 Gbps, with the potential for much larger attacks.
Lighting the flame marks the beginning of PyeongChang, commemorating the ancient Greek myth of Prometheus stealing fire from Zeus, and connecting the games to its predecessors. The lighting ceremony has provided some of the most iconic moments, such as Muhammad Ali lighting the flame in Atlanta in 1996 and Antonio Rebollo shooting a flaming arrow to ignite the cauldron in Barcelona in 1992.
The Internet was designed to share data, but sometimes the paths that enable it are blocked. When it comes to bad actors - that's a good thing. Most companies today have a Data Loss Prevention (DLP) policy to accompany their web proxies and firewalls. Some of them think this is the best way to stop data exfiltration and monitor what is going in and out of their employee's internet devices. But is this enough?
Carriers providing value-added services need to protect both their network infrastructure and their end-customers from internet threats. New threats are constantly emerging but remodeling your security architecture to address each new threat may leave gaps in your security coverage. Bolting-on third party products to fill gaps isolates your core architecture from change but creates complexity and management challenges such as multiple operating consoles and data integration barriers. Are carriers fighting a losing battle?
Overview
On February 5, an Israeli security researcher, Barak Tawily, discovered a Denial of Service (DoS) attack impacting all 3.x-4.x versions of the Wordpress content management platform. The vulnerability is currently unpatched and relies on a performance boosting feature in Wordpress allowing Javascript and style sheets to be loaded in bulk via a single request. The attack does not affect the Akamai platform, but it does affect any customers using Wordpress unless proper protections are enabled.
