Code sharing and hosting platform GitHub has faced what is being seen as the world’s most powerful DDoS attack. As announced by the platform itself, GitHub was down for close to five minutes on February 28 as a massive torrent of 1.2Tbps traffic targeted the site all at once. However, GitHub promises users that their data is secure – “at no point was the confidentiality or integrity of your data at risk.”
“The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second,” GitHub wrote in a blog.
“Memcached servers” are used to cache data and reduce the load caused by memory-intensive services. Many of these servers are exposed on the internet, and anyone can search for them.
Ten minutes into the attack, GitHub sought help from Akamai Prolexic, which is a DDoS mitigation service. In order to block the malicious packets, Akamai routed all the traffic through its scrubbing centers. Akamai reveals that the hackers were able to push the attack to about 126.9 million packets per second. The attack was more than twice the size of the September 2016 attacks that were a result of the Mirai botnet.
GitHub further said, “The vulnerability via misconfiguration described in the post is somewhat unique amongst that class of attacks because the amplification factor is up to 51,000, meaning that for each byte sent by the attacker, up to 51KB is sent toward the target.”
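The misconfiguration behind this class of attack is a memcached instance that answers UDP on an internet-facing address. The sketch below is an added example, not code from GitHub, Akamai or this article: it classifies a memcached command line by its `-U` (UDP port) and `-l` (listen address) options. The sample command lines are constructed, and the `udp_on_by_default` switch is an assumption modelling older builds (memcached 1.5.6 and later ship with UDP off).

```python
import ipaddress
import shlex

DEFAULT_PORT = 11211  # memcached's default port
LONG = {"--listen": "-l", "--udp-port": "-U"}

def _options(tokens):
    """Yield (flag, value) for -l/-U given as '-U 0', '-U0' or '--udp-port=0'."""
    it = iter(tokens)
    for tok in it:
        name, eq, val = tok.partition("=")
        if name in LONG:
            yield LONG[name], val if eq else next(it, "")
        elif tok[:2] in ("-l", "-U") and not tok.startswith("--"):
            yield tok[:2], tok[2:] or next(it, "")

def _is_loopback(addr):
    host = addr.strip()
    if host.startswith("["):            # [::1]:11211
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:          # 127.0.0.1:11211
        host = host.split(":")[0]
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                    # unresolvable offline: treat as exposed

def audit_memcached(cmdline, udp_on_by_default=True):
    """Return 'udp-disabled', 'udp-loopback-only' or 'udp-exposed'."""
    udp_port = DEFAULT_PORT if udp_on_by_default else 0
    listen = []                         # empty list means all interfaces
    for flag, value in _options(shlex.split(cmdline)):
        if flag == "-U" and value.isdigit():
            udp_port = int(value)
        elif flag == "-l":              # repeated -l is accumulated (conservative)
            listen += [a for a in value.split(",") if a]
    if udp_port == 0:
        return "udp-disabled"
    if listen and all(_is_loopback(a) for a in listen):
        return "udp-loopback-only"
    return "udp-exposed"

# Constructed sample command lines, not taken from any real host.
SAMPLES = [
    "/usr/bin/memcached -m 64 -p 11211 -u memcache",
    "/usr/bin/memcached -m 64 -u memcache -l 127.0.0.1",
    "/usr/bin/memcached -u memcache -l 0.0.0.0 -U 0",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{audit_memcached(s):18} {s}")
```

Anything reported as `udp-exposed` should either get `-U 0` or be bound to loopback and firewalled from the internet.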
Further, GitHub also talks about what it’s doing to avoid recurrence of such an attack. It writes, “We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR).” “We’re going to continue to expand our edge network and strive to identify and mitigate new attack vectors before they affect your workflow on GitHub.com.”