Over 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days

March 15, 2018 | Views: 2417

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Over 15,000 Memcached DDoS Attacks Hit 7,100 Sites in Last 10 Days


Memcached reflections that recently fueled two most largest amplification DDoS attacks in the history have also helped other cybercriminals launch nearly 15,000 cyber attacks against 7,131 unique targets in last ten days, a new report revealed.

Chinese Qihoo 360’s Netlab, whose global DDoS monitoring service ‘DDosMon‘ initially spotted the Memcached-based DDoS attacks, has published a blog post detailing some new statistics about the victims and sources of these attacks.

The list of famous online services and websites which were hit by massive DDoS attacks since 24th February includes Google, Amazon, QQ.com, 360.com, PlayStation, OVH Hosting, VirusTotal, Comodo, GitHub (1.35 Tbps attack), Royal Bank, Minecraft and RockStar games, Avast, Kaspersky, PornHub, Epoch Times newspaper, and Pinterest.


Overall, the victims are mainly based in the United States, China, Hong Kong, South Korea, Brazil, France, Germany, the United Kingdom, Canada, and the Netherlands.

Memcached DDoS Attacks

According to Netlab researchers, the frequency of attacks since 24th February has increased dramatically, as listed below:

  • Before 24th February, the day when Memcached-based DDoS attacks were first spotted, the daily average was less than 50 attacks.
  • Between 24th and 28th February, when Memcached as a new amplification attack vector was not publicly disclosed and known to a small group of people, the attacks raised to an average of 372 attacks per day.
  • Soon after the first public report came on 27th February, between 1st and 8th March, the total number of attacks jumped to 13,027, with an average of 1,628 DDoS attack events per day.

Netlab’s 360 0kee team initially discovered the Memcached vulnerability in June 2017 and disclosed (presentation) it in November 2017 at a conference, but its researchers have hardly seen any Memcache DDoS attacks since then.

The maximum number of active vulnerable Memcached servers at a time that participated in the DRDoS attacks was 20,612.

I don’t want to exaggerate this but expect hundreds of thousands of Memcached-based DDoS attacks in coming days, as hackers and researchers have now released multiple easy-to-execute exploits that could allow anyone to launch Memcached amplification attacks.

However, researchers have also discovered a ‘kill-switch’ technique that could help victims mitigate Memcached DDoS attacks efficiently.

Despite multiple warnings, over 12,000 vulnerable Memcached servers with UDP support enabled are still exposed on the Internet, which could fuel more cyber attacks.

Therefore, server administrators are strongly advised to install the latest Memcached 1.5.6 version which disables UDP protocol by default to prevent amplification/reflection DDoS attacks.
Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. How come articles don’t have a date at the top. Just saying.

  2. Nice info, the impact is scary

  3. Thanks for the information

  4. Thank you for the insite

  5. Thanks! Very informative!

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?