At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of their customers, a software development company, driven by memcached reflection.
This attack was the largest attack seen to date by Akamai, more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed. Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.
Akamai’s blog today: https://blogs.akamai.com/2018/03/memcached-fueled-13-tbps-attacks.html
Here are the details:
- A new DDoS reflection attack vector has been identified: UDP reflection attacks coming from exposed memcached servers. There are currently more than 50,000 known vulnerable systems exposed at this time.
- Akamai has seen multiple attacks, including THE LARGEST DDoS ATTACK AKAMAI HAS EVER SEEN at 1.3 Tbps! Akamai mitigated the attack using Prolexic.
- Attacks of this size cannot be easily defended against by data center solutions, requiring the cooperation of upstream ISPs and/or cloud based DDoS protection services.
- Organisations need to be prepared for these massive DDoS attacks using UDP reflection and should plan accordingly. Note: most DDoS mitigation services cannot withstand this size of attack, and based on SLAs are known to blackhole customer traffic, which Akamai have seen with customers following such an experience.
- Akamai has put pre-mitigation in place for every Prolexic customer, to protect against the memcached UDP-based attacks.
