Security News > 2021 > February > DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.
Cybercriminals who hire themselves out for DDoS campaigns are beefing up their attacks by abusing a popular media library tool.
In an alert published Wednesday, network monitoring firm Netscout warned of an exploit against Plex Media Server, a media library and streaming system that runs on a variety of platforms, including Windows, macOS, and Linux as well as on such hardware as NAS devices, RAID units, and digital media players.
As part of its normal operation, Plex scans a local network using a protocol known as G'Day Mate in order to find other supported media devices and streaming clients.
Plex can then be exploited to reflect and amplify DDoS attacks.
"The researchers who reported on this issue did not provide any prior disclosure, but Plex is now aware of the problem and is actively working on addressing it," said a Plex spokesperson.
News URL
Related news
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps (source)
- Recently patched CUPS flaw can be used to amplify DDoS attacks (source)
- Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors (source)
- Largest Recorded DDoS Attack is 3.8 Tbps (source)
- New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (source)
- U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks (source)