By Bruce Sussman
Wed | Mar 7, 2018 | 2:01 PM PST

Memcached is still in the headlines for the vulnerability that is making record-breaking DDoS attacks possible.

But sometimes, things go from bad to worse.

The risk from Memcached vulnerability is more than DDoS

Researchers at Corero Network Security say the potential impact of the Memcached vulnerability extends to data loss and corruption:

"Any Memcached server that can be forced into participating in a DDoS attack towards the Internet can also be coaxed into divulging user data it has cached from its local network or host. This may include confidential database records, website customer information, emails, API data, Hadoop information and more."

Researchers say it would also be possible to remove cached data, manipulate it, and then replace it without the server's owners knowing.

Ashley Stephenson, CEO at Corero Network Security, says much of the risk is a byproduct of the move to the cloud combined with default settings.

That's because default configurations for some of the latest operating systems and cloud computer services still allow ubiquitous access to the Memcached service and customers’ private data.

“While this blatant lapse of security is relatively clear to the accomplished security practitioner or hacker, it is not known to the increasingly business-oriented, non-technical user who is clicking a button to set up a new server in the cloud. There are dozens of US-CERT CVE and obscure security warnings related to Memcached but few of them address the clearly obvious issue of leaving the front door open on the internet for anyone to come in and take your data,” he says.
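To make the default-settings risk concrete, here is an added example (not from the article or from Corero) that audits memcached startup options for the two settings that decide network exposure: the listen address (`-l`) and the UDP listener (`-U`). The sample files are constructed in the one-option-per-line style of Debian's `/etc/memcached.conf`, only short options are parsed, and the function name is hypothetical.

```python
import ipaddress
import shlex

# Constructed sample configs (illustrative, not taken from the article).
EXPOSED_CONF = """\
# memcached config with no listen address set (constructed sample)
-m 64
-p 11211
-u memcache
"""
HARDENED_CONF = """\
-m 64
-p 11211
-u memcache
-l 127.0.0.1
-U 0
"""

def _is_loopback(addr):
    host = addr.strip()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # anything unparseable is conservatively treated as reachable

def audit_memcached_conf(text):
    """Return a list of exposure findings for memcached startup options."""
    opts = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if tokens and tokens[0].startswith("-"):
            opts[tokens[0]] = tokens[1] if len(tokens) > 1 else ""
    findings = []
    if "-l" not in opts:
        # Without -l, memcached binds to every interface on the host.
        findings.append("no -l option: memcached listens on every interface")
    else:
        open_addrs = [a for a in opts["-l"].split(",") if not _is_loopback(a)]
        if open_addrs:
            findings.append("listens on non-loopback address(es): " + ",".join(open_addrs))
    # Releases before 1.5.6 enable the UDP listener unless -U 0 is given.
    if opts.get("-U") != "0":
        findings.append("UDP not disabled with -U 0")
    return findings
```

A non-loopback finding is not proof of Internet exposure on its own; it marks the servers whose firewall or security-group rules for port 11211 need checking.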

Kill switch reportedly found for Memcached vulnerability

Researchers at the company also say they've discovered what is described as a DDoS attack "kill switch" for the Memcached vulnerability. 

The company says this involves sending a command back to an attacking server to suppress the current DDoS exploitation.

It has forwarded that information to national security agencies, so keep an eye out for more information on this part of the cybersecurity story.
