Posted on March 10, 2018 at 7:14 AM
The GitHub attack has been getting a lot of press, but a number of other popular, high-profile websites were also targeted last week. Targets include Google, Amazon and the NRA. Additionally, a number of countries are being targeted. Not all hope is lost, though…
We’ve been hearing a lot about the GitHub DDoS attack, which had record-breaking traffic spikes. Recently, the vulnerability of 1700 servers was released, along with three PoC codes, making the attacks replicable by anyone with a passing interest. But that wasn’t the only attack using this protocol in the past weeks. With records being broken, we focused on the magnitude of the attack and lost sight of the scope of the problem.
360 Netlab, an IT security firm out of China, published a list including companies and websites that have fallen victim to DDoS attacks through misconfigured Memcached servers. The list was created by researchers using the ddosmon platform and will be used to compute and monitor DDoS attacks.
The list includes QQ.com, Amazon.com, googleusercontent.com, krebsonsecurity.com, playstation.net, minecraft.net, and three of the NRA’s websites, among a few other sites. These are some big names! The complete list follows this paragraph, and you can see that these are sites with a lot of internet popularity. The NRA, in particular, is getting a lot of attention.
- QQ (qq.com)
- 360 (360.com)
- Amazon (Amazon.com)
- Google (Googleusercontent.com)
- Avast (Avast.com)
- Kaspersky Labs (Kaspersky-labs.com)
- Brian Krebs (krebsonsecurity.com)
- Epoch Times (Epochtimes.com)
- PlayStation (PSN) (Playstation.net)
- Minecraft (Minecraft.net)
- GTA developers Rockstar Games (Rockstargames.com)
- Pornhub (Pornhub.com)
- HomePornBay (HomePornBay.com)
- NRA Carry Guard (Nracarryguard.com)
- The NRA Foundation (Nrafoundation.org)
- The National Rifle Association of America (NRA) (Nra.org)
The list above shouldn’t come as a surprise, since all these targets are high profile. The NRA was already in the news for all the wrong reasons after the Florida school shooting, and since a group of students publicly urged the association to put a federal ban on assault rifles.
Since the Parkland, FL shooting, the NRA has been making headlines. Students have publicly protested the association, many have called for the removal of the lobby from Washington D.C., and the NRA is fighting back with some odd rhetoric. In an ad featuring Dana Loesch, the organization seemed to threaten a number of journalists, political personalities and others by name, saying “Your time is up.”
In addition to attracting social media ire, the NRA is getting attention from cyber attackers. On February 27 and 28, multiple domains owned by the NRA were hit with a series of Memcached reflection DDoS attacks, also known as amplification attacks. Twitter was abuzz with the topic, with many users noting that the sites were down and linking screenshots.
Additionally, 360 Netlab released a list that included targets in countries like Brazil, Canada, South Korea, France, Germany, the Netherlands and the UK. Cybercriminals are going directly after the cyberinfrastructure of these places.
In light of all this news, and the public release of the PoC, a kill switch is refreshing news. Happily, I can report that Corero researchers have found such a fix. It has been tested with 100% efficacy on live attacks. If this fix is widely implemented, these attacks, though great in magnitude, may end up being relatively small in number.