Github weathers world's largest DDoS attack

The site had just ten minutes of downtime

Github has weathered the biggest DDoS attack in history with just 10 minutes of downtime, according to new reports.

The code-sharing site was subjected to a colossal 1.35Tbits/sec surge in traffic, as unknown hackers attempted to take the platform offline. The attack was foiled by Akamai Prolexic's anti-DDoS protections, which Github automatically activated shortly after detecting the spike in traffic.

"We understand how much you rely on GitHub and we know the availability of our service is of critical importance to our users," said Github site reliability engineering manager Sam Kottler in a blog post detailing the incident. "To note, at no point was the confidentiality or integrity of your data at risk."

"Making GitHub's edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement requires better automated intervention. We're investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery," he said.

The attack appears to be the largest on record, surpassing the previous record-holder, a 1.2Tbits/sec onslaught launched against Dyn in 2016.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

While the attack on Github was larger in volume, the Dyn DDoS was both more sustained and more effective, knocking out internet connections and major websites across large portions of the US for many hours.

The Github attack, by contrast, was called off by the perpetrators after just eight minutes, which may indicate that the incident was merely a test of the hackers' capabilities.

As opposed to the Dyn attack and other major DDoS attacks, this incident did not involve the use of a malicious botnet like Mirai or Reaper. Instead, the hackers used a relatively new form of DDoS, which involves exploiting poor authentication on memcached servers.

Memcached servers are used for database caching, and are intended to help speed up website. But if left publicly exposed online, hackers can use them to carry out DDoS attacks by spoofing a target's IP address and querying the servers with specific commands.

The servers will then respond with a data packet that can be up to fifty times larger than the size of the request, allowing attackers to swamp targets in vast amounts of traffic with ease. Experts estimate that there are around 100,000 unprotected memcached servers sitting online that can be exploited in this manner.

Advertisement - Article continues below

"This massive DDoS attack was possible because organisations operating memcached servers failed to implement some very basic security practices," said Synopsys principal scientist Sammy Migues.

"The impact was minimal because GitHub was commendably prepared to survive an attack much larger than this. Unless the unwitting operators of these memcached servers take corrective action, it is inevitable that other ill-equipped targets will fall victim to similar DDoS attacks and suffer a much longer outage."

According to Ashley Stephenson, CEO of Corero Network Security, this attack also demonstrates the speed with which the cyber criminal community will jump on any new vulnerability.

"It is just a few days since the memcached reflection/amplification vulnerability became widely known. Within a week the largest DDoS ever reported lands on our doorstep, an event that will make mainstream news," explained Stephenson. 

"Meanwhile, Corero has observed a steady ramp in the past few days of memcached based attacks on the wider community. The terabit attack will grab the 'biggest and baddest' headlines casting a shadow that will obscure the thousands of businesses worldwide that have been hit with smaller but equally disruptive DDoS attacks leveraging the memcached vector during the past week."

This isn't the first time Github has been the victim of a DDoS attack - the company was also hit by an attack in 2015, which are believed to have been orchestrated by the Chinese government.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020