Security News > 2021 > February > DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.
Cybercriminals who hire themselves out for DDoS campaigns are beefing up their attacks by abusing a popular media library tool.
In an alert published Wednesday, network monitoring firm Netscout warned of an exploit against Plex Media Server, a media library and streaming system that runs on a variety of platforms, including Windows, macOS, and Linux as well as on such hardware as NAS devices, RAID units, and digital media players.
As part of its normal operation, Plex scans a local network using a protocol known as G'Day Mate in order to find other supported media devices and streaming clients.
Plex can then be exploited to reflect and amplify DDoS attacks.
"The researchers who reported on this issue did not provide any prior disclosure, but Plex is now aware of the problem and is actively working on addressing it," said a Plex spokesperson.