Late final year, Cisco's Talos news as well as question grouping discovered three critical remote code execution (RCE) vulnerabilities inwards Memcached that exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers.
Memcached is a pop open-source as well as easily deployable distributed caching scheme that allows objects to endure stored inwards memory.
The Memcached application has been designed to speed upward dynamic spider web applications (for event php-based websites) past times reducing stress on the database that helps administrators to growth surgical procedure as well as scale spider web applications.
It's been nearly 8 months since the Memcached developers bring released patches for 3 critical RCE vulnerabilities (CVE-2016-8704, CVE-2016-8705 as well as CVE-2016-8706) but tens of thousands of servers running Memcached application are even thence vulnerable, allowing attackers to pocket sensitive information remotely.
Researchers at Talos conducted Internet scans on 2 different occasions, i inwards belatedly Feb as well as some other inwards July, to notice out how many servers are even thence running the vulnerable version of the Memcached application.
And the results are surprising...
Results from Feb Scan:
- Total servers exposed on the Internet — 107,786
- Servers even thence vulnerable — 85,121
- Servers even thence vulnerable but postulate authentication — 23,707
And the transcend v countries amongst most vulnerable servers are the United States, followed past times China, United Kingdom, French Republic as well as Germany.
Results from July Scan:
- Total servers exposed on the Internet — 106,001
- servers even thence vulnerable — 73,403
- Servers even thence vulnerable but postulate authentication — 18,012
After comparison results from both the Internet scans, researchers learned that alone 2,958 servers works life vulnerable inwards Feb scan had been patched earlier July scan, piece the remaining are even thence left vulnerable to the remote hack.
Data Breach & Ransom Threats
This ignorance past times organisations to apply patches on fourth dimension is concerning, equally Talos researchers warned that these vulnerable Memcached installations could endure an tardily target of ransomware attacks similar to the i that hitting MongoDB databases inwards belatedly December.
Although dissimilar MongoDB, Memcached is non a database, it "can even thence comprise sensitive information as well as disruption inwards the service availability would sure Pb to farther disruptions on subject services."
The flaws inwards Memcached could permit hackers to supercede cached content amongst their malicious i to deface the website, serve phishing pages, ransom threats, as well as malicious links to hijack victim's machine, placing hundreds of millions of online users at risk.
"With the recent spate of worm attacks leveraging vulnerabilities this should endure a ruby-red flag for administrators or thence the world," the researchers concluded.
"If left unaddressed the vulnerabilities could endure leveraged to impact organisations globally as well as touching on concern severely. It is highly recommended that these systems endure patched right away to assistance mitigate the opportunity to organisations."
Customers as well as organisations are advised to apply the acre equally before long equally possible fifty-fifty to Memcached deployments inwards "trusted" environments, equally attackers amongst existing access could target vulnerable servers to motion laterally inside those networks.
