The biggest distributed-denial-of-service (DDos) attack was considered to be the attack against Dyn in 2016. A huge game-changer took place last week, after hackers committed a severe cyber crime. The target was GitHub: a very popular service, visited by millions of people daily.
It is a fact that this software development platform has been a common target for crooks, but previous attacks were not as powerful. The attack against GitHub is now considered the biggest DDoS attack in history. Will it stay in the number one position for long? Difficult to say.
Memcached amplification technique used in the recent DDoS attack against GitHub
While there are techniques for hackers to commence a DDoS attack, crooks opt to find new and sophisticated ways to cause havoc. Memchached servers are database-caching systems which are supposed to make networks and websites work faster. Surprisingly, part of the servers are usually accessible on the public Internet, allowing random people to query the servers.
However, hackers can exploit this possibility very viciously: as it turned out, crooks can spoof IP addresses of intended victims and send queries to multiple memcached servers. As a result, the targeted websites received huge amounts of malicious traffic. Unable to deal with it, websites crash. For instance, the effect for GitHub lasted for approximately 8 minutes.
Researchers also found that hackers hid ransom notes in the malicious traffic they directed to targeted websites. Hack against GitHub is not the only recent DDoS attack: specialists have been informed of dozens of similar attempts. However, it is not usual for hackers to hide ransom notes in traffic. Usually, they found more eye-catching places to display their demands. This appears to be a more secretive way of asking for a ransom.
Security researchers explain that more DDoS attacks are expected
Researchers explain that pulling of similar stunts has become easier than ever. Therefore, it is very likely that attackers won’t wait around: they will attack various services with the hopes of causing them damages. GitHub has made some statements about the attack against their website. They explained that the DDoS attack occurred on February 28th and laster from 17:21 to 17:3 UTC. In order to protect their service better, GitHub owners have decided to move traffic to Akamai.
Techniques to protect websites from DDoS attacks
First of all, please make sure that your network providers would include anti-spoofing. Secondly, please limit the publicly accessible tools. Thirdly, it is best to have several upstream providers. There are a few tools that users should consider in addition to standard protection of networks. We are referring to load balancers and cloud-based anti-DDoS solutions.
Source: threatpost.com.