Websites associated with the US National Rifle Association (NRA) have often been the targets of Memcached-based DDoS attacks, according to Qihoo 360's Network Security Research Laboratory (Netlab).
The Chinese company, which has one of the widest views of Internet traffic due to its leading position in the Chinese market, today published statistics on the new Memcached-based DDoS attack vector.
Among the many stats, Netlab revealed a list of the most common targets hit by DDoS attacks carried out via vulnerable, Internet-exposed Memcached servers.
High on the list are the usual suspects: large tech companies with a big online presence. Top targets include Chinese Internet portals QQ.com and 360.com, but also US tech giants Google and Amazon.
This is no surprise, as almost any wannabe hacker believes he can somehow take down the Internet's biggest companies without realizing he's just throwing junk packets at services designed to absorb large amounts of traffic and then lick their fingers.
Netlab's list also includes other regular DDoS targets that we've often seen attacked in recent years, such as the porn industry (PornHub, HomePornBay), the gaming industry (PlayStation, Minecraft, Rockstar Games), and cyber-security companies (Avast, Kaspersky Lab, Qihoo 360).
The big surprise on this list is that the top targets of Memcached DDoS attacks also include three official NRA domains: nra.org, nrafoundation.org, and nracarryguard.com.
The attacks certainly happened, although none appears to have caused prolonged downtime. A quick Twitter search reveals a plethora of tweets from people carrying out DDoS attacks on NRA domains or noticing them go down. The biggest one appears to have taken place on February 28, when multiple users reported the website down for hours.
Looks like NRA website is under a DDOS attack pic.twitter.com/SFyMDn3vtp — Oregon I.T. not IT ⚾ (@OregonJOBS2) February 27, 2018
The NRA website has always been a bit wonky. It appears to be accessible again, though. Probably a combination of demand and DDoS. https://t.co/KLbvubGazE — Corey J. Mahler (@CoreyJMahler) February 28, 2018
Can’t access @NRA website. Been trying for hours. Must be too busy with either: A. Responsible gun owners looking to join/donate (me) or B. Protesters mounting a DDOS (Leftist Looneys that blame guns, instead of criminals) #SupportNRA #SupportUSCCA — Gary L. (@Tailinloop) February 27, 2018
The targeting of NRA websites shouldn't be a surprise for anyone following the US internal political scene, where the pro-gun-carry organization has been under heavy criticism after a mass shooting at Stoneman Douglas High School in Parkland, Florida.
BleepingComputer has reached out to the NRA for comment regarding the attacks and how they were mitigated, but has not received a response yet.
Putting the NRA and its controversy aside, the Netlab report also reveals a worrisome trend. According to the Chinese company, the number of Memcached-based DDoS attacks has been going up constantly.
Netlab says that before February 24, it recorded fewer than 50 Memcached-based DDoS attacks per day. Between February 24 and February 28 this number grew to 372 per day, then to 1,938 between March 1 and March 5, and the company recorded 2,008 DDoS attacks yesterday, on March 7.
One reason these attacks have risen so dramatically is the media coverage the incidents received. Memcached-based DDoS attacks broke the record for the largest DDoS attack ever recorded twice in a week (GitHub suffered a 1.3 Tbps attack; a US service provider was hit with a 1.7 Tbps attack). With Memcached servers proven to provide extensive firepower, hacker groups flocked to weaponize them.
Another reason is that proof-of-concept code that automates Memcached-based DDoS attacks has been released on GitHub and Pastebin, greatly reducing the technical skills needed to perform such attacks.
The good news is that mitigation techniques exist that victims could deploy to safeguard their servers, and that the number of vulnerable Memcached servers left exposed online has declined in recent days.