How Media Reports Trigger Copycats

None, None; None, None

How Media Reports Trigger Copycats

An Analysis of the Brewing of the Largest Packet Storm to Date

Conference Paper (2018)

Author(s)

V.D.H. Ghiëtte (TU Delft - Cyber Security)

C. Dörr (TU Delft - Cyber Security)

Research Group

Cyber Security

DOI related publication

https://doi.org/10.1145/3229598.3229606

Threat intelligence Denial-of-service attacks Memcached

To reference this document use:

https://resolver.tudelft.nl/uuid:ef2f14c3-2455-4bd5-9c3b-8e899c6aa719

More Info

expand_more

Publication Year

2018

Language

English

Research Group

Cyber Security

Pages (from-to)

8-13

ISBN (print)

978-1-4503-5910-8

Abstract

In late February 2018, news spread through the mainstream media about a massive distributed denial-of-service attack on the popular software collaboration website github.com. Estimated at a rate of 1.3 Terrabit per second, this massive packet flood was the largest DDoS attack by volume to date, surpassing previous records set by the first IoT-based DDoS attacks in 2017.

In this paper, we analyze the behavior of the actors scanning and probing the Internet for presence of exploitable memcached servers that were the root cause of this attack, both before and after the media coverage. We find that the attacks of late February were preceeded by a large scale reconnaissance action a month before, and that the attacks were the result of an extended evolution of methods to find a suitable attack strategy. Furthermore, we see that the coverage about the massive DDoS attack actually triggered another wave of DDoS attacks, resulting in the large influx of new, previously unseen users who seem to be leveraging ready-made tools.

No files available

Metadata only record. There are no files for this record.