GitHub suffered a large Distributed Denial of Service (DDoS) attack on Wednesday, made possible by vulnerabilities in memcached, according to Ashley Stephenson, CEO of Corero Network Security, a company focused on DDoS protection.
Typically in DDoS attacks the bad actors use a variety of techniques, such as botnets, or in this case, Memcached, Stephenson said. Memcached is an open-source, distributed object memory caching system available on hosting servers and it helps programs run faster, he explained. It is an in-memory key-value store for small amounts of data from results of database calls, API calls, or page rendering, according to its website.
In Wednesday’s attack, what is intended as a tool to serve users and help them get web pages loaded faster was turned around by the attackers and instead used to attack those users. At its peak, 1.35 terabytes of data were aimed at GitHub servers, according to reports.
Stephenson explained that many of the millions of servers connected to the Internet are often not well-configured from a security standpoint. They often come with generic default usernames and passwords, allowing data in memcached to be exposed to attackers. As a result, the “bad guys” are able to access that port and use it to launch attacks.
According to Stephenson, the DDoS protection hierarchy grows from small attacks that businesses can handle themselves to attacks that are the same size as their Internet connection capacity, and finally to attacks that are much larger than the capacity of the organization.
In those large attacks, systems will often switch over to a dedicated cloud DDoS provider, Stephenson explained. In the case of the GitHub attack, the service was handed over to Akamai. After Akamai’s protection kicked in, users who tried to go to GitHub weren’t actually going directly to GitHub. The DNS and routing requests were being resolved by Akamai and the “good” traffic was being sent back to GitHub. Essentially, the attack was being soaked up by Akamai and the normal traffic was sent back to GitHub for normal access for its users.
Though GitHub survived the attack, nothing has really changed for business at large, Stephenson said. “These same kind of attacks will continue to happen so it’s just very important that they consider DDoS as a threat and plan to put in place the protections they need to keep their business up and running in the modern age.”