A new type of DDoS attack generates tens of thousands of times the junk traffic and disrupts government websites; the black and gray industry gang behind it is taken down

Caption: Alibaba assisted the Jingning police in taking down China's first cyber black and gray gang engaged in a new type of DDoS attack


A huge DDoS attack can be launched with only a small amount of bandwidth, so that government inquiry channels cannot be accessed normally, school web pages cannot publish notices, shopping websites "inexplicably" go down, chess and card online games cannot be logged into, and loan payments are suddenly interrupted...


Recently, a special team from Alibaba's Security Department assisted the Zhejiang Jingning police in taking down the first large-scale network black and gray gang in China to engage in memcached DDoS attacks. The gang used new DDoS attack methods based on the high-performance caching system memcached and Network Time Protocol (NTP) servers to build a for-profit network attack platform.


The platform's attack targets included overseas website servers, government and enterprise website servers, school website servers, and major cloud servers. "These platforms specifically provide the latest DDoS attack modes to a large number of black and gray industry actors to attack domestic and foreign servers," said the Jingning police handling the case. "The consequences are very serious and the losses are incalculable."

Alibaba technology assists the police in taking down the new DDoS attack gang

After more than two months of careful investigation, the Zhejiang police, with the assistance of the Alibaba special team, uncovered the "secret" behind this behind-the-scenes organization.

"They have their own technical team and have also developed the latest memcached DDoS attack mode on the entire network, mainly providing DDoS attack tools and interfaces to others on a daily basis. The interface of one of the DDoS attack platforms shows nearly 10,000 registered members," said a technical expert from Alibaba's project team.


The gang mainly purchased rented machines overseas, built their own DDoS attack platforms, promoted DDoS services by manipulating search engine rankings, attracted "attackers", and looked up rival websites so that their customers could attack competitors' servers. "Black and gray industry actors register through the web page provided by the gang, purchase the corresponding attack package, and then send attack instructions through the platform client to carry out DDoS attacks," the police handling the case explained.


On the evening of May 5, 2018, with the arrest of the last main suspect in the case in Xiangxi, the "129 Computer Information System Destruction Case" supervised by the Ministry of Public Security also came to an end. To date, the case has taken down a total of 3 hacker attack platforms, captured the 3 main founders of the platforms, and seized 15 overseas rented machines and more than 100,000 attack logs.


A new type of DDoS attack can generate 50,000 times the junk traffic and congest the network


Caption: Distribution of memcached reflection sources


DDoS attacks date back to the 1990s, and today the DDoS capabilities of the black and gray industry are also improving day by day.


An expert from Alibaba Security's Guiling Lab (归零实验室), which specializes in researching the technology of the online black and gray industry, said that reflection DDoS attacks are a relatively advanced type. The attacker does not attack the target service IP directly; instead, it forges the victim's IP address and sends request packets to special servers around the world, and those servers send data packets several times the size of the request to the attacked IP (the target service IP).


According to the lab, earlier DDoS reflection attacks, such as NTP and SSDP attacks, generally had amplification factors between 30 and 500, whereas memcached DDoS amplification factors are measured in tens of thousands, usually around 50,000, and the possibility that this factor could be pushed even higher cannot be ruled out.


"Exploiting this characteristic, black and gray gangs can launch huge DDoS attacks with very little bandwidth," said a technical expert at Alibaba Security's Guiling Lab. "This attack method is highly effective against the target; not only does it make monitoring and tracing back to the source more difficult, it can also instantly create huge volumes of junk traffic, causing network congestion and service interruption, so the harm is extremely great."
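The defender's side of the reflection mechanism described above is recognisable in flow data: the victim receives large UDP replies from the well-known port of a reflector service (memcached on 11211, NTP on 123) without ever having sent the requests. The following is an added example, not code from the article or from Alibaba, that runs that heuristic over a few constructed flow records (shaped like a simplified NetFlow/IPFIX export) and aggregates the result per destination; the port list, the 400-byte average-packet-size threshold and the sample records are all assumptions made for the illustration.

```python
"""Spot likely UDP reflection/amplification traffic in flow records.

Added illustration, not code from the article or from Alibaba. It assumes
flow records shaped like a simplified NetFlow/IPFIX export (dicts with
proto, src/dst address and port, packet and byte counts) and uses the
well-known server ports of the services the article names as reflectors:
memcached (11211/udp), NTP (123/udp) and SSDP (1900/udp).
"""
from collections import defaultdict

# UDP services commonly abused as reflectors, keyed by the source port the
# reflected replies arrive from. Amplification figures quoted in the article:
# NTP/SSDP roughly 30-500x, memcached on the order of 50,000x.
REFLECTOR_PORTS = {
    11211: "memcached",
    123: "ntp",
    1900: "ssdp",
}

# Reflected replies are large; an ordinary NTP reply is 48 bytes and normal
# memcached traffic is TCP. An average above this per-packet size from a
# reflector port is the heuristic used here (assumed threshold).
MIN_AVG_BYTES_PER_PKT = 400


def avg_bytes_per_packet(flow):
    """Average packet size in one flow record."""
    return flow["bytes"] / flow["packets"] if flow["packets"] else 0.0


def is_reflected_reply(flow):
    """True if a flow looks like an amplified reply from a reflector service."""
    return (
        flow["proto"] == "udp"
        and flow["src_port"] in REFLECTOR_PORTS
        and avg_bytes_per_packet(flow) >= MIN_AVG_BYTES_PER_PKT
    )


def flag_reflection_flows(flows):
    """Return the subset of flows that match the reflection heuristic."""
    return [f for f in flows if is_reflected_reply(f)]


def summarize_by_victim(flagged):
    """Aggregate flagged traffic per destination address.

    In a reflection attack the destination is the spoofed victim, so one
    destination receiving large replies from many distinct reflector hosts
    across several reflector services is the signal an analyst acts on.
    """
    summary = defaultdict(lambda: {"bytes": 0, "reflectors": set(), "services": set()})
    for f in flagged:
        entry = summary[f["dst_ip"]]
        entry["bytes"] += f["bytes"]
        entry["reflectors"].add(f["src_ip"])
        entry["services"].add(REFLECTOR_PORTS[f["src_port"]])
    # Convert sets to counts / sorted lists so the output is stable and comparable.
    return {
        dst: {
            "bytes": e["bytes"],
            "reflectors": len(e["reflectors"]),
            "services": sorted(e["services"]),
        }
        for dst, e in summary.items()
    }


def attack_volume_gbps(attacker_mbps, amplification):
    """Traffic the victim sees for a given attacker uplink and amplification factor."""
    return attacker_mbps * amplification / 1000.0


# Constructed sample flow records (RFC 5737 documentation addresses).
SAMPLE_FLOWS = [
    # Three reflectors (two memcached, one NTP) all replying to one spoofed victim.
    {"proto": "udp", "src_ip": "203.0.113.10", "src_port": 11211,
     "dst_ip": "198.51.100.5", "dst_port": 40000, "packets": 100, "bytes": 140000},
    {"proto": "udp", "src_ip": "203.0.113.11", "src_port": 11211,
     "dst_ip": "198.51.100.5", "dst_port": 40000, "packets": 50, "bytes": 70000},
    {"proto": "udp", "src_ip": "203.0.113.12", "src_port": 123,
     "dst_ip": "198.51.100.5", "dst_port": 40000, "packets": 20, "bytes": 9600},
    # Benign traffic: a normal NTP exchange, a DNS answer, memcached over TCP.
    {"proto": "udp", "src_ip": "203.0.113.13", "src_port": 123,
     "dst_ip": "198.51.100.7", "dst_port": 123, "packets": 2, "bytes": 180},
    {"proto": "udp", "src_ip": "203.0.113.14", "src_port": 53,
     "dst_ip": "198.51.100.7", "dst_port": 55555, "packets": 1, "bytes": 120},
    {"proto": "tcp", "src_ip": "10.0.0.20", "src_port": 11211,
     "dst_ip": "10.0.0.30", "dst_port": 51000, "packets": 400, "bytes": 600000},
]

if __name__ == "__main__":
    flagged = flag_reflection_flows(SAMPLE_FLOWS)
    for dst, info in summarize_by_victim(flagged).items():
        print(f"{dst}: {info['bytes']} bytes from {info['reflectors']} reflectors via {info['services']}")
    # With the article's 50,000x figure, a 10 Mbps uplink yields 500 Gbps at the victim.
    print(f"10 Mbps x 50000 = {attack_volume_gbps(10, 50000):.0f} Gbps")
```

Run on the sample, the three reflected replies are grouped under the single spoofed victim (219,600 bytes from three reflector hosts over two services), while the small NTP exchange, the DNS answer and the TCP memcached session are left alone. On the reflector side the corresponding mitigation is to not expose memcached over UDP at all (its `-U 0` option disables the UDP listener) and to filter port 11211/udp at the network edge, since a memcached instance that answers UDP from the Internet is what makes the 50,000x factor available to anyone who can spoof a source address.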


It is reported that Alibaba Group has set up a special case team and the Guiling Lab, which assist the police in advancing case investigations through leads and technical support, in order to address the increasingly serious problems of online violations and cybercrime.


Details: http://jaq.alibaba.com/community/art/show?articleid=1679

Alibaba JAQ (阿里聚安全, http://jaq.alibaba.com) is produced by Alibaba's Security Department and provides Internet business security solutions for enterprises and developers, covering mobile security, data risk control, content security, real-person authentication and other dimensions. It was the first in the industry to propose "business-centric security", empowering the ecosystem and sharing with the industry the professional security capabilities that Alibaba Group has accumulated over many years.

