Plex Media Servers Actively Abused To Amplify DDoS Attacks

Researchers with Netscout’s Atlas Security Engineering and Response Team have warned that attackers are exploiting Plex Media Server systems to amplify DDoS (Distributed Denial of Service) attacks.
Plex Media Server provides a streaming system that runs on a variety of platforms, including Windows, Linux, macOS, and FreeBSD, as well as network-attached storage (NAS) hardware devices, RAID units, digital media players, Docker containers, and more. It lets users share video and other media with other devices.
As of now, network monitoring firm Netscout believes that about 27,000 Plex Media servers are at risk of being abused in DDoS amplification attacks, according to an alert published on Wednesday of this week.
As part of normal Plex operation, the system scans the local network using G’Day Mate (GDM), which allows a Plex device to discover other supported media devices and streaming users. The system also uses SSDP (Simple Service Discovery Protocol), which helps it locate Universal Plug and Play (UPnP) devices.
Netscout stated that the DDoS attacks have been observed since November 2020, exploiting UDP/32414 SSDP HTTP/U. An amplification attack happens when attackers send a small number of requests to a server and the server answers with numerous responses. The threat actors can also spoof the source IP address so that the requests appear to come from the victim, resulting in traffic that deluges the victim's resources and causes a crash.
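
A detection sketch for the traffic pattern described above, added here as an example and not taken from Netscout or Plex. It looks for replies sourced from UDP/32414 in flow records, both from the victim's side and from the side of an operator whose own Plex server is being used as a reflector. The flow tuple layout, the thresholds and the sample records (documentation address ranges) are assumptions.

```python
from collections import defaultdict

PLEX_UDP_PORT = 32414  # UDP port the article names for the abused Plex service

# Constructed sample flows, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.10", 32414, "203.0.113.5", 40111, "udp", 5200),
    ("198.51.100.11", 32414, "203.0.113.5", 40111, "udp", 4800),
    ("198.51.100.12", 32414, "203.0.113.5", 40111, "udp", 5100),
    ("198.51.100.13", 32414, "203.0.113.5", 40111, "udp", 4900),
    ("198.51.100.10", 32414, "203.0.113.9", 51000, "udp", 300),  # one source, small
    ("192.0.2.44", 443, "203.0.113.5", 52000, "tcp", 90000),     # unrelated TCP
    ("203.0.113.5", 40111, "192.0.2.80", 32414, "udp", 52),      # request (possibly spoofed)
    ("192.0.2.80", 32414, "203.0.113.5", 40111, "udp", 1100),    # larger reply
]

def reflection_victims(flows, min_sources=3, min_bytes=10_000):
    """Hosts receiving UDP replies from source port 32414 sent by many distinct servers.
    Thresholds are assumed values; tune them against a traffic baseline."""
    sources, volume = defaultdict(set), defaultdict(int)
    for src, sport, dst, _dport, proto, nbytes in flows:
        if proto == "udp" and sport == PLEX_UDP_PORT:
            sources[dst].add(src)
            volume[dst] += nbytes
    return {dst: (len(sources[dst]), volume[dst]) for dst in sources
            if len(sources[dst]) >= min_sources and volume[dst] >= min_bytes}

def abused_reflectors(flows, my_servers, min_ratio=5.0):
    """Own servers whose UDP/32414 replies to a peer far outweigh that peer's requests.
    Returns {(server, peer): reply_bytes / request_bytes}."""
    req, rep = defaultdict(int), defaultdict(int)
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dst in my_servers and dport == PLEX_UDP_PORT:
            req[(dst, src)] += nbytes
        elif src in my_servers and sport == PLEX_UDP_PORT:
            rep[(src, dst)] += nbytes
    return {pair: rep[pair] / req[pair] for pair in rep
            if req.get(pair) and rep[pair] / req[pair] >= min_ratio}

if __name__ == "__main__":
    print(reflection_victims(SAMPLE_FLOWS))
    print(abused_reflectors(SAMPLE_FLOWS, {"192.0.2.80"}))
```

A server that shows up in the second report is answering UDP/32414 requests from outside the local network, which the discovery functions described above do not require.
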
“We’ve seen its use as far back as November when activity ramped up, but most of the time, we see its use is in multi-vector attacks rather than as a primary vector, which can result in some uncertainty in finding an exact day it began to be used,” Richard Hummel, Manager of Threat Intelligence at Netscout, said in an email interview when asked when PMSSDP was first observed as a DDoS attack amplification vector.
“The total number of attacks from Jan 1, 2020, to present day, clocked in at approximately 5,700 (compared to the more than 11 million attacks in total we saw during the same time frame),” Richard Hummel added.