Beware Memcached: how to fight off the latest wave of DDoS attacks


After assessing cyber-security weaknesses across the organisation, it's essential the necessary steps are taken to implement an escalation path - how you work to turn that problem into a solution.

Dubbed ‘irresistibly attractive' by research directors, memcached servers recently became the latest target for cyber-criminals looking to carry out distributed denial-of-service (DDoS) attacks. Causing organisations to become overwhelmed by a targeted flood in internet traffic, victims of memcached are forced to grind to a halt, as they struggle to manage their resources. 

While not a new danger per se, warnings of memcached recently heightened since software developer platform, GitHub revealed it had survived the largest recorded attack in history earlier this year. Experiencing around ten minutes of disruption, the site managed to quickly restore normal service, despite the attack reaching a peak of 1.35 terabytes per second.

Since then, the cyber-security industry has been on high alert, preparing itself for the latest peak of DDoS attacks. In a recent survey – conducted by the Neustar International Security Council – 92 percent of organisations reported taking steps towards minimising the risk from amplified distributed DDoS attacks utilising memcached servers. While it's obvious recent cautions haven't gone unnoticed, there is still a way to go until businesses can feel safe in their deterrent efforts.

Understand what needs protecting

To avoid becoming the next victim of memcached flooding, businesses first need to understand exactly which element of their enterprise is most vulnerable to external hackers, and work to safeguard it in the right way. 

With the whole premise of memcached evolving around internet servers, ensuring you verify and run regular system patch tests, along with penetration testing and vulnerability assessments, is key to wider cyber-security strategies. On a broader scale, every business should have a dedicated DDoS mitigation plan in place, working to fight against the inevitability of online attacks.

Not only will these consistent checks and overarching model help organisations meet necessary compliance standards, they will also outline holes in various systems that need to be plugged. If you can spot them, so can a hacker. 

Clearly define processes

After assessing cyber-security weaknesses across the organisation, it's essential the necessary steps are taken to implement an escalation path – how you work to turn that problem into a solution.

Mapping out a clear, measurable and to-the-point route to reforming the issue will help your business reach resiliency and operational efficiency as seamlessly and quickly as possible. However, even in the best case scenario, the most advanced technology in the world is only as good as the process it is modelled on and the organisation using it. 

In fact, we're now increasingly seeing experts recommending doubling – or even tripling – up on DDoS mitigation solutions. By installing one mitigation downstream – defending at the point of the attack, and the other upstream – to provide protection closer to the attacker before it reaches your network, you stand the best chance at fighting off the threat. Also, if worse comes to worse and one system crashes or is compromised, you'll always have a back-up.

Know what's normal

With the possibility of multiple service providers in place, having a clear understanding of assets and how they communicate and interact provides context, allowing organisations to correctly isolate events that aren't normal and therefore investigate them.

Through website monitoring tools, businesses can gain a complete understanding of their online performance, helping to determine the difference between an external attack and an internal glitch. Website monitoring alerts can be used to interpret errors – whether its connectivity issues, unexpected down-time or system violations – and automatically make recommendations on the best course of action. Having these methods of detection in place also work in cases of one-off events or attacks, drastically decreasing the amount of time it takes to respond accordingly.

When there is heightened risk of an attack, businesses that cannot easily detect and differentiate usual performances from the unordinary immediately make themselves a prime target for hackers, many of which just want to reap havoc.

As memcached DDoS attacks continue to expose database caching servers, it's down to organisations to ensure their infrastructure is as protected as possible. Despite the largest-ever attack recently being record, that's not to say there aren't more record-breaking attacks to come, with cyber-criminals growing their capabilities every day. All we can do is invest in and deploy the right solutions, to give us the best chance of winning in the cyber war.

Contributed by Rodney Joffe, former White House advisor, serial entrepreneur and FBI awarded cyber-security specialist, senior vice president, senior technologist and Fellow at Neustar

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event