Security News > 2021 > February > Plex Media servers actively abused to amplify DDoS attacks

Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service attacks.
"We've seen its use as far back as November when activity ramped up, but most of the time, we see its use is in multi-vector attacks rather than as a primary vector, which can result in some uncertainty in finding an exact day it began to be used," Hummel said when asked of the first time PMSSDP was observed as a DDoS attack amplification vector.
Attackers can exploit roughly 27,000 exposed devices running Plex Media Server to amplify and reflect DDoS traffic onto their targets systems.
Booters' services are rented to launch large-scale DDoS attacks targeting servers or sites to trigger a denial of service that usually brings them down or disrupts online services.
In January, Baidu Security Lab also reported observing DDoS attacks using Plex as an amplification vector.
According to a subsequent report from ZoomEye, not all Plex Media Server versions can be abused by attackers.
News URL
Related news
- New Eleven11bot botnet infects 86,000 devices for DDoS attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- DDoS Attacks Now Key Weapons in Geopolitical Conflicts, NETSCOUT Warns (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Cloudflare mitigates record number of DDoS attacks in 2025 (source)
- Hitachi Vantara takes servers offline after Akira ransomware attack (source)
- DDoS attacks jump 358% compared to last year (source)