News Cybercriminals have found a new vector of DDoS attacks


Jaysu

Banned
Joined
21.09.20
Messages
121
Reaction score
776
Points
63
Attackers use Plex-based media servers in their attacks.

Operators of custom DDoS attack services have found a new way to strengthen the "garbage" traffic and increase the power of attacks. According to the warning of Netscout specialists specializing in network security issues, cybercriminals use devices based on Plex Media Server software for this purpose - web applications for managing media content and streaming it.

The application can be installed on regular web servers or delivered as part of NAS (network storage) systems, digital media players, or other streaming devices.

According to experts, when a server or device based on Plex Media Server connects to the network, it starts searching for compatible devices using the Simple Service Discovery Protocol (SSDP). The problem is that when such a device is found, Plex Media Server adds a NAT redirection rule to the router, thereby making the Plex Media SSDP (PMSSDP) service visible on the Internet (UDP port 32414).

Attackers scan the Network for active UDP ports 32414, and then use them to amplify traffic directed at the attacked targets. In this case, the packets can have a size from 52 bytes to 281 bytes, which is 4.86 times the size of the source data.

According to experts, there are more than 27 thousand vulnerable Plex Media servers in the Network that can be used to carry out DDoS attacks, moreover, some of these servers are already being exploited by attackers.

According to representatives of Plex, the company is currently working on adding an additional layer of protection to the patch, which is scheduled for release soon.
 
Top Bottom