Plex Media Server Used to Execute DDoS Attacks

  • By Dawna M. Roberts
  • Feb 26, 2021

The Bleeping Computer reported this week that threat actors are using Plex Media Server to execute and amplify Distributed Denial of Service or DDoS attacks across the globe.

What is Plex Media Server?

Distributed Denial of Service Attack on Plex

Plex is a popular media server that you can use on Windows, Linux, and Mac, as well as mobile devices to stream your own content (movies, pictures, songs) or content from other sources. 

You can install Plex Media Server on your computer and play movies, songs, or other media from an external hard drive to your Roku or other streaming devices. You can use the free version forever or pay for a subscription that allows you to play content from services like Warner Brothers, Crackle, Lionsgate, MGM, and more. You can even watch live TV on Plex. 

Plex has a strong cult following and a well-supported forum for questions and answers when setting up and configuring your server.

What is a DDoS Attack?

A Distributed Denial of Service (DDoS) attack is a malicious tactic used by hackers to disrupt the normal flow of internet traffic to a web server or network by overwhelming it with a flood of unexpected traffic. 

Often threat actors use compromised computers, IoT devices, or other networked (internet-connected) machines to carry out these attacks. They do this by infecting the computers or devices with malware meant to perform specific tasks. This new network of exploited devices is often referred to as a botnet. Essentially each infected machine becomes a bot capable of carrying out commands from the malicious hacker. Once the server becomes overwhelmed, it refuses normal traffic, which is where the “denial of service” comes in. 

Because hackers use hijacked legitimate equipment to carry out these types of attacks, they are difficult to trace back to their origins and catch the culprits responsible.

How are Hackers Using Plex to Perform Attacks?

To use Plex outside your home network, you need to allow specific ports. according to the Bleeping Computer “amplified PMSSDP, DDoS attacks observed since November 2020 have been abusing UDP/32414 SSDP HTTP/U responses from exposed broadband Internet access routers and redirected towards attackers’ targets.”

The publication went onto explain, “’The total number of attacks from Jan 1, 2020, to present day, clocked in at approximately 5,700 (compared to the more than 11 million attacks in total we saw during the same time frame),’ Richard Hummel, Manager of Threat Intelligence at Netscout told BleepingComputer in an email interview.”

“‘We’ve seen its use as far back as November when activity ramped up, but most of the time, we see its use is in multi-vector attacks rather than as a primary vector, which can result in some uncertainty in finding an exact day it began to be used,’ Hummel said when asked of the first time PMSSDP was observed as a DDoS attack amplification vector.”

How to Protect Your Plex Media Server

The best way to keep your Plex server protected is not to modify your router to allow any traffic on the Plex suggested ports. Another option, according to the Bleeping Computer, is for “SSDP to be disabled. You can filter traffic on UDP/32414. However, it may not allow the connections that you need. 

For those users who need to allow these ports on their router, they should “perform reconnaissance to identify abusable PMSSDP reflectors/amplifiers on their networks and/or the networks of their customers.”

Threat researchers told the Bleeping Computer that “it was found that the version of Plex used to attack was less than version 1.21, so it can be inferred that version 1.21 of Plex released in late January this year has fixed this problem.”

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Welltok’s MOVEit Breach Returns, Another 426k Records Exposed

Welltok’s MOVEit Breach Returns, Another 426k Records Exposed

Welltok operates an online wellness program various organizations use to encourage healthy lifestyles. They've been in our news frequently as the global MOVEit breach continues.

Weekly Cybersecurity Recap November 24

Weekly Cybersecurity Recap November 24

This week, the cybersecurity environment continued to be rocked by the global MOVEit data breach. Various Stanford Health groups had information taken in the MOVEit event, up to 1.6 million patient records.

Work Management Company NSC Tech, Suffers 50k Employee Record Breach

Work Management Company NSC Tech, Suffers 50k Employee Record Breach

NSC Technologies is a workforce management solution pairing perfect prospective candidates with companies desiring long-term employees.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address