Security News > 2021 > February > Cybercriminals Now Using Plex Media Servers to Amplify DDoS Attacks
A new distributed denial-of-service attack vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline.
"Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks," Netscout researchers said in a Thursday alert.
Plex Media Server is a personal media library and streaming system that runs on modern Windows, macOS, and Linux operating systems, as well as variants customized for special-purpose platforms such as network-attached storage devices and digital media players.
DDoS attacks typically involve flooding a legitimate target with junk network traffic that comes from a large number of devices that have been corralled into a botnet, effectively causing bandwidth exhaustion and leading to significant service disruptions.
Now according to Netscout, DDoS-for-hire services are weaponizing Plex Media Servers to beef up their attack infrastructure, providing an average amplification factor of about 4.68.
Plex makes use of Simple Service Discovery Protocol to scan other media devices and streaming clients, but this gives way to a problem when the probe locates an SSDP-enabled broadband internet access router, and in the process, exposes the Plex service registration responder directly on the Internet on UDP port 32414.
News URL
Related news
- DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (source)
- DDoS attack volume rises, peak power reaches 1.7 Tbps (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- Average DDoS attack costs $6,000 per minute (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)