GitHub hit with massive 1.35 Tbps DDoS attack, could be world's largest

The attack was carried out through the abuse of memcached instances, taking the site down multiple times.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • On Feb. 28, GitHub was hit with a massive DDoS attack that peaked at 1.35 Tbps, making it one of the largest attacks of its kind ever recorded.
  • A new amplification vector using memcached over UDP is causing network overload problems at a host of companies.

On Wednesday, developer repository site GitHub was hit with a critical DDoS attack that took the site offline multiple times for a few minutes each time. According to a GitHub incident report, the attack peaked at 1.35 Tbps, followed by a second peak of 400 Gbps, which could make it the largest attack of its kind ever perpetrated.

According to the incident report, GitHub was offline Wednesday from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC, thanks to the attack. The report noted that user data wasn't at risk during the attack.

The GitHub attack is the latest in a string of incidents in which hackers have exploited a vulnerability in the memcached protocol to amplify the impact of such an attack. Memcached is typically used to speed up websites, but an issue with its UDP support makes the attack amplification possible, as noted by Cloudflare.

As noted by TechRepublic contributor James Sanders, a document from the United States Computer Emergency Readiness Team (US-CERT) labels the memcached vulnerability as the most powerful known vector for amplification attacks.

Memcached, as its name suggests, is a tool that caches data in memory to ease the burden on data stores. And, as reported by ZDNet's Steve Ranger, it's not necessarily meant to be used with systems that are connected to the internet.

But that hasn't stopped attackers from finding a way to use it to launch and amplify cyberattacks. By spoofing a victim's IP address in requests sent to exposed memcached servers, attackers cause the servers' much larger responses to be delivered to the victim, overloading its network with traffic (amplified by up to 51,200x) and triggering a denial-of-service attack.

To fix its own problem, GitHub moved some of its traffic to Akamai for additional capacity at the edge, Ranger wrote. In its own post, Akamai, one of the companies that discovered the vulnerability early on, wrote that it predicts "many more, potentially larger attacks in the near future. Akamai has seen a marked increase in scanning for open memcached servers since the initial disclosure."
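For operators who want to confirm their own memcached instances cannot be used this way, the following is an added example (not from the article or from the memcached project) that audits startup options for a UDP listener bound beyond loopback. It assumes a Debian-style `memcached.conf` with one option per line, the standard `-p`/`-U`/`-l` options, and the default port 11211; the sample configurations are constructed.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
DEFAULT_PORT = 11211  # memcached's default port


def parse_options(conf_text):
    """Read a Debian-style memcached.conf: one startup option per line."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if not tokens:
            continue
        flag, _, inline = tokens[0].partition("=")  # e.g. --udp-port=0
        opts[flag] = inline or (tokens[1] if len(tokens) > 1 else "")
    return opts


def audit(conf_text, udp_default_on=True):
    """Flag a UDP listener reachable beyond loopback. udp_default_on=True models
    releases before 1.5.6 (UDP on unless -U 0); pass False for newer ones."""
    opts = parse_options(conf_text)
    tcp_port = int(opts.get("-p", opts.get("--port", DEFAULT_PORT)))
    udp_raw = opts.get("-U", opts.get("--udp-port"))
    if udp_raw is not None:
        udp_port = int(udp_raw)
    else:
        udp_port = tcp_port if udp_default_on else 0
    raw_listen = opts.get("-l", opts.get("--listen", ""))
    listen = [a.strip() for a in raw_listen.split(",") if a.strip()]
    exposed = not listen or any(a not in LOOPBACK for a in listen)
    findings = []
    if udp_port:
        findings.append("udp-enabled")
    if exposed:
        findings.append("non-loopback-bind")
    if udp_port and exposed:
        findings.append("amplification-exposure")
    return {"udp_port": udp_port, "listen": listen or ["*"], "findings": findings}


# Constructed sample configurations, not taken from any real host.
EXPOSED = "# sample\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
HARDENED = "-m 64\n-p 11211\n-U 0\n-l 127.0.0.1\n"

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf))
```

A clean result here only covers the daemon's own settings; a firewall rule blocking inbound UDP to the memcached port remains a separate control worth verifying.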

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.
