Memcached that Extorts: New Method for DDoS Attack Emerges

According to Akamai, which reported this trend in a press release, one of its customers experienced a record-setting 1.3Tbps attack that used memcached payloads to deliver the message.

Extortion by message is not new. For example, earlier “pioneers” like DD4BC sent malicious emails with attack and payment information, data, and deadlines. The attacks start small, threatening larger attacks and payouts if the victim does not comply.

Memcached offers a different dimension. It is a general-purpose distributed memory caching system that speeds up dynamic database-driven websites by caching data and objects in RAM. It essentially reduces the number of times an external data source must be read.

From the attacker’s point of view, memcached offers a new DDoS attack opportunity. Akamai called it “the new kid on the block in the DDoS world.” Hidden within the attack traffic are extortion messages.

During a memcached attack, the attacker drops payloads “onto the memcached server they intend to reflect off of.” “While most attackers are filling these records with junk, it appears these attackers have decided to load up their payloads with payment amount and wallet address information in the hopes of duping desperate victims into forking over their cold hard crypto-cash,” said the company press release. 
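Because these payloads travel as ordinary memcached replies, a defender can look for them in captured attack traffic. The following is an added example, not code from Akamai or the original article; the regular expressions, function names and sample frames are assumptions constructed for illustration.

```python
import re
import struct

MEMCACHED_PORT = 11211  # default memcached port; reflected replies arrive from it

# Assumed heuristics for this example (not Akamai's signatures): a payment verb
# with an amount and currency code, plus a long alphanumeric wallet-like token.
PAY_RE = re.compile(rb"\bpay\w*\s+\d+(?:\.\d+)?\s*[a-z]{3,4}\b", re.IGNORECASE)
WALLET_RE = re.compile(rb"\b[A-Za-z0-9]{26,106}\b")
VALUE_RE = re.compile(rb"VALUE (\S+) (\d+) (\d+)\r\n")

def parse_udp_frame(datagram):
    """Split the 8-byte memcached UDP frame header from the ASCII body."""
    if len(datagram) < 8:
        raise ValueError("shorter than a memcached UDP frame header")
    request_id, seq, total, _reserved = struct.unpack("!HHHH", datagram[:8])
    return {"request_id": request_id, "seq": seq, "total": total}, datagram[8:]

def extract_values(body):
    """Yield (key, data) for each 'VALUE <key> <flags> <bytes>' record."""
    pos = 0
    while (m := VALUE_RE.search(body, pos)):
        data = body[m.end():m.end() + int(m.group(3))]  # may be cut short by fragmentation
        yield m.group(1).decode("ascii", "replace"), data
        pos = m.end() + len(data)

def inspect(src_port, datagram):
    """Return extortion-looking records found in one reflected datagram."""
    if src_port != MEMCACHED_PORT:
        return []
    _header, body = parse_udp_frame(datagram)
    findings = []
    for key, data in extract_values(body):
        pay, wallet = PAY_RE.search(data), WALLET_RE.search(data)
        if pay and wallet:  # junk-filled records match neither or only one
            findings.append({"key": key, "demand": pay.group(0).decode(),
                             "wallet": wallet.group(0).decode()})
    return findings

def build_frame(key, data):
    """Constructed sample: single-datagram 'get' reply as a reflector would send it."""
    body = b"VALUE %s 0 %d\r\n%s\r\nEND\r\n" % (key, len(data), data)
    return struct.pack("!HHHH", 1, 0, 1, 0) + body

# Constructed sample data; the wallet string is a placeholder, not a real address.
EXTORT_FRAME = build_frame(b"k", b"Pay 10 COIN to EXAMPLEWALLETADDRESSPLACEHOLDER0000\n" * 3)
JUNK_FRAME = build_frame(b"j", b"A" * 400)
```

Findings from `inspect` are useful for incident notes and attribution of a campaign; they do not change the mitigation, which is still filtering traffic from UDP source port 11211.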

According to Akamai, there is no sign that the attackers are actively tracking the target's reaction to the attacks, nor is there any contact information or detailed instructions on payment notification.

“If a victim were to deposit the requested amount into the wallet, we doubt the attackers would even know which victim the payment originated from, let alone stop their attacks as a result. Even if they could identify who'd sent the payment, we doubt they'd cease attacking their victim as it was never really about the money anyways,” the press release said.

So instead of acceding to the requests, it may be better to save the money to increase the bandwidth, Akamai advised.