Security News > 2021 > February > DDoS-for-hire services are exploiting Plex Media flaw to amplify their attacks
Attackers are taking advantage of a security flaw in the way Plex Media servers look for compatible media devices and streaming clients, says Netscout.
Cybercriminals who hire themselves out for DDoS campaigns are beefing up their attacks by abusing a popular media library tool.
In an alert published Wednesday, network monitoring firm Netscout warned of an exploit against Plex Media Server, a media library and streaming system that runs on a variety of platforms, including Windows, macOS, and Linux as well as on such hardware as NAS devices, RAID units, and digital media players.
As part of its normal operation, Plex scans a local network using a protocol known as G'Day Mate in order to find other supported media devices and streaming clients.
Plex can then be exploited to reflect and amplify DDoS attacks.
"The researchers who reported on this issue did not provide any prior disclosure, but Plex is now aware of the problem and is actively working on addressing it," said a Plex spokesperson.
News URL
Related news
- Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack (source)
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices (source)
- Mirai botnet behind the largest DDoS attack to date (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)