GitHub hit by Most Powerful DDoS Attack

On Wednesday, GitHub was hit by the largest DDoS attack ever recorded. The attack lasted only nine minutes, but its servers were flooded with traffic peaking at almost 2 Tbps.

What is a DDoS attack?
A DDoS (distributed denial-of-service) attack is one in which many computers, servers or IoT devices are used to send a massive number of requests to a target server or service. As the server processes these requests and tries to answer each with the requested information, its resources are exhausted on the flood of traffic, and the service becomes unavailable even to legitimate users.

How did the attackers manage to send such a huge amount of data to the server?
In a traditional DDoS attack, the attackers compromise many computers, servers or IoT devices and use them to send a huge number of requests to a target server. For instance, if one system sends 1 MB of data to the server, 1 million compromised systems will together send 1 terabyte. The server cannot process that much data at once and therefore fails.

In this case, however, the attackers carried out the DDoS attack with only a few compromised systems, by amplifying the traffic those systems sent through exposed memcached servers. (Memcached is a free and open-source distributed memory object caching system, intended to speed up dynamic web applications by reducing database load.)

This means that where one system would normally have sent 1 MB of data to the target, the attackers amplified that data 51,000 times, so 1 MB became 51 GB. That is how a few compromised devices were enough to carry out the attack.

According to the GitHub Engineering team, the attack took the site down from 17:21 to 17:26 UTC on February 28. The attackers flooded the servers by using a reflection/amplification vector: requests with a forged source address were sent to numerous exposed memcached servers, whose much larger responses went to GitHub, amplifying the traffic to almost 51,000 times the attackers' real bandwidth without the need for a large number of hacked devices.
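As an added example (not code from the original article or from GitHub), here is how an operator of a hosting network could spot one of its memcached servers being used as a reflector from flow records: tiny UDP requests arrive on port 11211 and very large UDP responses leave it. The sample flow lines, the key=value format and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

MEMCACHED_PORT = 11211

# Constructed sample flow records (not real traffic) in a simple key=value
# summary form, as a flow collector at the edge of a hosting network might
# export them. The victim 198.51.100.20 never sent the requests: its address
# was forged as the source, so the large replies from :11211 go to it.
FLOW_LOGS = """\
2018-02-28T17:21:03Z proto=udp src=198.51.100.20:9001 dst=203.0.113.7:11211 bytes=60
2018-02-28T17:21:03Z proto=udp src=203.0.113.7:11211 dst=198.51.100.20:9001 bytes=1400000
2018-02-28T17:21:04Z proto=udp src=198.51.100.20:9002 dst=203.0.113.7:11211 bytes=60
2018-02-28T17:21:04Z proto=udp src=203.0.113.7:11211 dst=198.51.100.20:9002 bytes=1400000
2018-02-28T17:21:05Z proto=tcp src=10.0.0.5:41000 dst=203.0.113.9:11211 bytes=200
2018-02-28T17:21:05Z proto=tcp src=203.0.113.9:11211 dst=10.0.0.5:41000 bytes=900
"""

FLOW_RE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) bytes=(?P<bytes>\d+)"
)


def find_udp_reflectors(log_text, min_ratio=100.0, min_out_bytes=1_000_000):
    """Return {host: (bytes_in, bytes_out, ratio)} for hosts whose UDP/11211
    traffic looks like reflection: tiny requests in, huge responses out."""
    bytes_in = defaultdict(int)   # UDP bytes received on :11211, per host
    bytes_out = defaultdict(int)  # UDP bytes sent from :11211, per host
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m or m["proto"] != "udp":
            continue  # memcached over TCP cannot be used for reflection
        if int(m["dport"]) == MEMCACHED_PORT:
            bytes_in[m["dst"]] += int(m["bytes"])
        if int(m["sport"]) == MEMCACHED_PORT:
            bytes_out[m["src"]] += int(m["bytes"])
    suspects = {}
    for host, out in bytes_out.items():
        ratio = out / max(bytes_in[host], 1)  # guard against division by zero
        if out >= min_out_bytes and ratio >= min_ratio:
            suspects[host] = (bytes_in[host], out, ratio)
    return suspects


if __name__ == "__main__":
    for host, (inb, outb, ratio) in find_udp_reflectors(FLOW_LOGS).items():
        print(f"{host}: {inb} B in, {outb} B out, amplification x{ratio:.0f}")
```

A memcached host flagged this way should not be reachable over UDP from the internet at all; binding it to an internal interface or disabling its UDP listener removes it as a reflector.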

How to stay safe?
Here are some tips for preventing cyber attacks.

For Users:
Update your antivirus/anti-malware software: Users are advised to use legitimate antivirus software and keep it updated with the latest signatures to protect their systems from being targeted.

Remove unwanted programs/software: Users are advised to keep an eye on their installed programs. If you see an application that is unknown or unwanted, remove it, especially if its publisher is unknown.

Keep your system updated: Users are advised to keep their operating system up to date.

For Server Admins:
Monitor access to your web server: Use a proper Intrusion Detection System (IDS) and log monitoring to continuously track what kind of access your server is granting to users.

Regular security auditing and VAPT: It is highly advised that web admins carry out proper auditing and Vulnerability Assessment and Penetration Testing (VAPT) exercises to close as many loopholes as possible, so that it is not easy to compromise your servers and web applications and plant malicious miners or malware on them.
