This week, GitHub’s code hosting website was hit with the largest-ever distributed denial of service (DDoS) attack, which peaked at a record 1.35 Tbps. According to data security researchers, the attackers did not use a botnet; instead, they weaponized misconfigured Memcached servers to amplify the attack.
The attackers abused Memcached, a popular open-source and easily deployable distributed caching system, to launch a DDoS attack over 51,000 times more powerful than its original strength. Cyber security experts explain that the amplification DDoS attack works by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim’s IP.
A few bytes of request sent to the vulnerable server trigger a response tens of thousands of times bigger, directed at the targeted IP address.
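From the receiving side, reflected traffic of this kind shows up as UDP packets whose source port is 11211, arriving from many unrelated servers at once. The following is an added example, not code from GitHub or the researchers quoted here: a small detector run over constructed flow records, where the record layout, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # port named in the article

# Constructed sample flow records (documentation IP ranges):
# proto src_ip src_port dst_ip dst_port bytes
SAMPLE_FLOWS = """\
udp 198.51.100.10 11211 203.0.113.5 40312 1400000
udp 198.51.100.11 11211 203.0.113.5 40312 1350000
udp 198.51.100.12 11211 203.0.113.5 51022 1420000
udp 192.0.2.44 53 203.0.113.5 33000 512
tcp 10.0.0.8 11211 10.0.0.9 51000 90000
udp 198.51.100.10 11211 203.0.113.77 40000 1200
"""

def parse_flows(text):
    """Yield (proto, src, sport, dst, dport, bytes) from whitespace-separated lines."""
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        if len(parts) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}")
        proto, src, sport, dst, dport, nbytes = parts
        yield proto.lower(), src, int(sport), dst, int(dport), int(nbytes)

def find_reflection_targets(flows, min_sources=3, min_bytes=1_000_000):
    """Return destinations receiving UDP from source port 11211 from many hosts.

    A normal Memcached client talks to a few known cache servers, usually over
    TCP; large UDP replies from many distinct servers suggest reflection.
    Thresholds are illustrative assumptions, not tuned values.
    """
    sources = defaultdict(set)
    volume = defaultdict(int)
    for proto, src, sport, dst, _dport, nbytes in flows:
        if proto == "udp" and sport == MEMCACHED_PORT:
            sources[dst].add(src)
            volume[dst] += nbytes
    return {
        dst: {"reflectors": len(srcs), "bytes": volume[dst]}
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources and volume[dst] >= min_bytes
    }

if __name__ == "__main__":
    for dst, stats in find_reflection_targets(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible Memcached reflection toward {dst}: {stats}")
```

The TCP flow, the DNS reply and the single small UDP reply in the sample are deliberately left unflagged, which shows the two conditions (many distinct sources and high volume) working together.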
“This attack was the largest attack seen to date, more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed,” said a data security company that helped GitHub to survive the attack.
In a post, GitHub said, “The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the Memcached-based that peaked at 1.35Tbps via 126.9 million packets per second.”
A cyber security professional said, “Though amplification attacks are not new, this attack vector involves thousands of misconfigured Memcached servers, many of which are still exposed on the Internet and could be exploited to launch massive attacks soon against other targets.”