Hackers Using New Type of DDoS Attack to Boost Volume

Today’s topics include attackers using memcached servers to amplify DDoS attacks; Google’s new SSL policy setting capability for load balancers; Microsoft’s new Windows 10 build adding extra setup features; and the release of OpenStack Queens.

Global service providers and cloud operators are reporting a new threat vector where attackers are using misconfigured memcached servers to amplify distributed denial-of-service attacks.

In an amplification attack, hackers abuse a misconfiguration in a publicly accessible internet service in an attempt to have the misconfigured service become part of the DDoS attack. In the new memcached amplification attack, hackers are able to send large volumes of UDP traffic to produce the DDoS attack.

CloudFlare engineer Marek Majkowski said, "At peak we've seen 260 Gbps of inbound UDP memcached traffic. This is massive for a new amplification vector." Akamai reported that it has seen multiple sets of memcached reflection attacks, with some attack volumes of 190 Gbps. Arbor Networks reported that it is seeing memcached attacks that are even larger.

Google this week announced Secure Sockets Layer Policies for HTTPS and SSL Proxy Load Balancers, a new capability that lets administrators specify the Transport Layer Security version and profile of features Google's load balancer must use when connecting with clients.

The goal is to give organizations more flexibility for addressing diverse security needs in the cloud.

Google software engineer David Gingold said, "When you use a load balancer as an HTTPS or Transport Layer Security front end, you need to be able to control how it secures connections to clients.” The new policy control feature allows administrators to consider what TLS capabilities they want the load balancer to negotiate and how the settings need to be managed.

Enterprise users will be able to run custom scripts during the Windows setup process in the next major feature update release of the operating system. Microsoft’s new Windows 10 test build 17110 is available for members of the Windows Insider early-access and feedback program, and allows users to add their own scripts to the setup process that accompanies each feature update.

Dona Sarkar, head of the Windows Insider program, and Senior Program Manager Brandon LeBlanc said administrators can use the customer scripts to “enable your enterprise to run your own custom actions/scripts synchronously with setup. Setup will execute custom actions during two update phases controlled by using preinstall.cmd or precommit.cmd.”

The updated Windows setup experience for administrators will also migrate scripts for future updates. Should a custom script introduce errors or fail, a failure.cmd script can undo the actions of previous scripts or perform other custom operations.

The OpenStack Queens platform was officially released on Feb. 28, marking the 17th release of the open-source cloud platform, originally started by NASA and Rackspace in 2010. New capabilities include virtual GPU support and improved container integration.

Several new projects also have made an appearance in Queens, including Cyborg, which provides a generic framework for acceleration of all kinds and is not GPU-specific. Jonathan Bryce, executive director of the OpenStack Foundation, said Cyborg can make use of physical GPUs, Field Programmable Gate Arrays or other kinds of accelerators.

Other new initiatives in the release are the OpenStack Helm project, which works as a package manager for the Kubernetes container orchestration system, and OpenStack-Ansible, which provides configuration and deployment management capabilities for OpenStack services. Additionally, the Lightweight Open Container Initiative project provides an alternative to the existing OpenStack Kola project, which Bryce said has a more complete packaging approach for each container image.