The Daily Swig Web security digest

GitHub hit by biggest-ever DDoS attack

Jessica Haworth | 05 March 2018 at 16:08

Website targeted by hackers in largest attack on record last week.

GitHub fell victim to the biggest ever recorded distributed denial of service (DDoS) attack on Wednesday, forcing the website offline.

The site was hit with 1.35Tbps of traffic at around 17:21 EST, overwhelming GitHub’s servers and causing it to crash.

But thanks to help from its DDoS mitigation service, Akamai Prolexic, the website was back up and running within 10 minutes.

Akamai rerouted the traffic through its larger servers and blocked malicious requests.

It was able to thwart the attack within the short period of time thanks to a number of special features that were already in place.

Josh Shaul, vice president of web security at Akamai, told Wired that the company was prepared for an attack “based on five times the biggest attack the internet has ever seen”.

So when the GitHub incident occurred, Akamai already had the capacity to handle it.

A second attack at around 18:00 was recorded, but was absorbed without the threat of the website crashing.

Akamai also had a number of features designed to combat against attacks from Memcached servers.

Hackers are increasingly using a technique known as Memcrashing, as multiple DDoS attacks can be carried out without the need for a botnet.

Memcrashing involves hackers using Memcashed servers that are free and available on the internet to bring down other websites.

Attackers can use Memcashed servers to manipulate the User Datagram Protocol (UDP) packet into employing 50,000 times the amount of data received in a command, and directing the traffic to one internet address.

Therefore, only a small amount of computers using Memcrashing can be successful in firing huge amounts of traffic – as in GitHub’s case.

A report carried out by Akamai warned: “Because of Memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long.

“Because of its ability to create such massive attacks, it is likely that attackers will adopt Memcached reflection as a favorite tool rapidly.

“Additionally, as lists of usable reflectors are compiled by attackers, this attack method's impact has the potential to grow significantly.”