2023 Author: Bryan Walter. Last modified: 2023-05-21 22:24
The source code hosting and version control service GitHub was hit by the most powerful DDoS attack in the history of the Internet on February 28, which peaked at 1.35 terabits per second. The attack used a Memcached-based DDoS amplification mechanism that had been identified a few days earlier. The service returned to normal nine minutes after the attack began, and user data was not disclosed, according to a GitHub press release.
DDoS is a type of attack in which cybercriminals send so many requests from multiple computers to the victim's servers that the servers can no longer cope and become inaccessible to users. There are many DDoS attack methods, including amplified attacks that use public servers. In this method, the attacker spoofs the victim's IP address as the source of a request and sends a request of a certain size to a vulnerable public server, after which this server sends a much larger packet to the victim's computer.
At the end of February, several Internet companies reported that they had discovered a new type of massive DDoS amplification attack based on vulnerable Memcached servers, which are used to cache data and speed up its loading. Such an attack was described by Chinese information security researchers in 2017, but only now are companies beginning to detect massive attacks of this type in practice. Some of them reached traffic of almost 500 gigabits per second, and in some cases the amplification factor was more than 9000 compared to the original requests.
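The reflection pattern described above can be spotted at the victim's network edge: large UDP replies arrive from many Memcached servers that the receiving host never queried. The following is an added example, not code from the article or from GitHub; the flow-record layout, the thresholds and the sample addresses are assumptions, and port 11211 is Memcached's default port, which the article does not mention.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # Memcached default port (known default, not from the article)

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# All addresses come from documentation ranges (RFC 5737).
SAMPLE_FLOWS = [
    ("198.51.100.7", 11211, "203.0.113.10", 40001, "udp", 1_400_000),
    ("198.51.100.8", 11211, "203.0.113.10", 40002, "udp", 1_250_000),
    ("198.51.100.9", 11211, "203.0.113.10", 40003, "udp", 1_310_000),
    ("203.0.113.10", 52000, "192.0.2.53", 53, "udp", 80),        # ordinary DNS query
    ("192.0.2.53", 53, "203.0.113.10", 52000, "udp", 220),       # its solicited answer
    ("203.0.113.20", 45000, "198.51.100.7", 11211, "udp", 60),   # genuine cache request
    ("198.51.100.7", 11211, "203.0.113.20", 45000, "udp", 900),  # its solicited reply
]

def find_reflection_targets(flows, min_reflectors=3, min_bytes=1_000_000):
    """Return {victim_ip: (reflector_count, total_bytes)} for hosts that receive
    unsolicited Memcached UDP replies from many distinct servers.
    The thresholds are illustrative assumptions, not tuned values."""
    # A reply counts as solicited when the receiver sent a request on the
    # reverse 4-tuple; spoofed requests never show up as the victim's own flows.
    requested = {(s, sp, d, dp) for s, sp, d, dp, proto, _ in flows
                 if proto == "udp" and dp == MEMCACHED_PORT}
    reflectors = defaultdict(set)
    volume = defaultdict(int)
    for s, sp, d, dp, proto, nbytes in flows:
        if proto != "udp" or sp != MEMCACHED_PORT:
            continue
        if (d, dp, s, sp) in requested:
            continue  # the host really asked this server, so not a reflection
        reflectors[d].add(s)
        volume[d] += nbytes
    return {ip: (len(reflectors[ip]), volume[ip]) for ip in reflectors
            if len(reflectors[ip]) >= min_reflectors and volume[ip] >= min_bytes}

if __name__ == "__main__":
    for ip, (count, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{ip}: {total} bytes of unsolicited replies from {count} servers")
```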
Now GitHub, a service that many developers use to host source code and control versions of programs, has faced a similar attack. This DDoS attack became the strongest in history: at its peak, traffic reached 1.35 terabits per second. For comparison, in 2016, Internet traffic throughout Russia averaged about seven terabits per second. Almost immediately after a sharp increase in traffic, GitHub redirected it to the servers of a company that owns one of the largest content delivery networks, which were able to block the attack in a few minutes. For the first five minutes, the GitHub servers were unavailable, then they worked intermittently for several minutes, after which they returned to normal operation. GitHub stated that customer data was not affected.
Traffic graph during the attack
The previous largest DDoS attack occurred in October 2016, when hackers attacked Dyn's DNS servers. At its peak, the attack reached 1.2 terabits per second, which made many popular American and European sites unavailable for some time.
In 2016, Google introduced Project Shield, a free service designed to protect media sites and human rights organizations from DDoS attacks. It uses algorithms that automatically detect increased load and filter requests, separating regular requests from malicious ones.