‘Plex media servers are actively used in DDOs attacks’

Security firm Netscout warns of Plex media servers used for DDOs attacks. According to the company, so-called ddos-for-hire services have set their sights on the servers because they can easily abuse the SSDP protocol.

The Simple Service Discovery Protocol, or SSDP, allows a Plex media server to scan a local network for devices it can connect to. According to Netscout, the Plex Media Server app creates a new “network address translation” rule at the local internet router that allows the media server’s SSDP protocol to directly access the internet via udp port 32414.

Using the SSDP protocol through this UDP port on a router is an interesting avenue for cybercriminals to track down, access, and access media servers using the Plex Media Server app, and then launch DDO attacks with them. feed. Hackers should only search the internet for devices that have the UDP port 32414 open and can take over the device thanks to the activated protocol.

The company says it has already found more than 27,000 vulnerable Plex servers that can be used to carry out a DDO attack. In addition, Netscout is convinced that DDO attacks via these servers will become more and more common as sophisticated cybercriminals have already incorporated many of them into their botnets. The company states that these criminals will soon make them available to a wider hacker audience. However, Netscout does not expect the hacked servers to be the driving force in future DDOs attacks. The servers could be used in conjunction with other means.