Home > Cyber News > New Largest DDoS Attack at 1.3 Tbps Hits GitHub

New Largest DDoS Attack at 1.3 Tbps Hits GitHub

The largest so far GGoS attack happened yesterday registered at 1.3 Tbps. The target was GitHub. The attack was based on a flaw in Memcached servers made public just a few days ago. Apparently, cybercriminals can exploit Memcached servers to carry out large-scale DDoS attacks that don’t require a lot of computational resources, researchers say.

Why is this even possible? Due to the way the server developers deployed the support for the UDP protocol.

Related Story: Bitfinex Platform Suffered Yet Another DDoS Attack

DDoS Attacks Based on a Flaw in Memcached Servers

The issue within Memcached was recently reported by Akamai, Arbor Networks and Cloudflare. The experts said that they detected observing an uptick in distributed denial-of-service attacks based on UDP packets amplified by Memcached servers. These servers are typically used to aid database-driven websites by boosting the memory caching system.

As already said, the flaw is present in the UDP protocol implementation of the above mentioned servers that intensify incoming packets over 50,000 times. The vulnerable port that serves to amplify packet sizes and redirect the packets is port 11211 which is exposed by Memcached servers in default configurations.

Apparently, there are more than 93,000 servers currently connected online “awaiting” to be exploited for DDoS, as in the case with the attack on GitHub.

Luckily, the attack was mitigated almost immediately regardless of the record-breaking size of 1.3 Tbps. Unfortunately, researchers are expecting to see more attacks on a regular basis based on the flaw in Memcached servers.

This is not the first time in recent history where Memcached servers were leveraged in DDoS. Furthermore, the size of the attacks is also expected to grow steadily, and the GitHub record may soon be surpassed.

Related Story: Biggest DDoS Close to 1 Tbps Hits Hosting Company

The previous largest size of DDoS was estimated at 1 Tbps, and the attack was against French hosting provider OVH.

OVH is a hosting company that was a victim of the biggest DDoS attack registered in September, 2016. The attack surpassed the DDoS on KrebsOnSecurity which also took place in that timeframe. In this attack, IoT devices and CCTV cameras were leveraged.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree