Plex Media servers actively abused to amplify DDoS attacks

Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service attacks.
"We've seen its use as far back as November when activity ramped up, but most of the time, we see its use is in multi-vector attacks rather than as a primary vector, which can result in some uncertainty in finding an exact day it began to be used," Hummel said when asked about the first time PMSSDP was observed as a DDoS attack amplification vector.
Attackers can exploit roughly 27,000 exposed devices running Plex Media Server to amplify and reflect DDoS traffic onto their targets' systems.
Booters' services are rented to launch large-scale DDoS attacks targeting servers or sites to trigger a denial of service that usually brings them down or disrupts online services.
In January, Baidu Security Lab also reported observing DDoS attacks using Plex as an amplification vector.
According to a subsequent report from ZoomEye, not all Plex Media Server versions can be abused by attackers.