Akamai's content delivery network (CDN) announced that it came under fire from a distributed denial-of-service (DDoS) attack aimed at a software developer on February 28 at around 6 pm. The target? GitHub, the leading online software development platform, used by many open source projects.
The attack peaked at 1.3 Tbps, double the previous record observed by Akamai, namely the attack against Dyn at the end of 2016, carried out via a Mirai botnet (see our analysis).
This attack uses a new vector: memcached, a service designed to speed up web applications by keeping a cache in memory. The problem is that the service listens for both TCP and UDP traffic and requires no authentication, says Akamai.
Memcached instances were exploited to reflect and amplify the attacker's traffic toward GitHub, like a mirror. "The vulnerability via this misconfiguration is quite unique for this type of attack, because the amplification can reach a factor of 51,000. In other words, for each byte sent by the attacker, up to 51 kilobytes are sent to the target," says GitHub.
Faced with the first signs of the attack, the company quickly switched its traffic to Akamai, for good reason. In response to the incident, OVH released a guide for securing memcached instances. The procedure takes only a few commands. A good project for this Friday or the weekend.
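
The misconfiguration described above (UDP listener on, no authentication, reachable address) can be checked for in a memcached options file. The following is an added example, not taken from the OVH guide or from this article; the function names and sample files are constructed, and it assumes a one-option-per-line options file and that a build with no explicit `-U` has UDP enabled (the default was switched off in memcached 1.5.6).

```python
import ipaddress
import shlex

# Constructed sample option files (one memcached option per line).
SAMPLE_EXPOSED = "# constructed sample\n-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"
SAMPLE_HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n-U 0\n"

# memcached's listen-address and UDP-port options, short and long forms.
ALIASES = {"-l": "listen", "--listen": "listen", "-U": "udp", "--udp-port": "udp"}

def parse_options(conf_text):
    """Return (listen_addresses, udp_port or None); '#' starts a comment."""
    listen, udp_port = [], None
    tokens = shlex.split(conf_text, comments=True)
    for i, tok in enumerate(tokens):
        name, sep, value = tok.partition("=")
        if name not in ALIASES:
            continue
        if not sep:  # "-l 127.0.0.1" form: the value is the next token
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
        if ALIASES[name] == "listen":
            listen += [a for a in value.split(",") if a]
        else:
            udp_port = int(value)
    return listen, udp_port

def is_loopback(addr):
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # other hostnames are treated as reachable (conservative)

def audit(conf_text, udp_default_on=True):
    """List findings; udp_default_on models builds older than 1.5.6 (assumption)."""
    listen, udp_port = parse_options(conf_text)
    udp_on = udp_default_on if udp_port is None else udp_port != 0
    # No -l at all means memcached binds every interface.
    exposed = not listen or not all(is_loopback(a) for a in listen)
    findings = []
    if udp_on:
        findings.append("UDP listener enabled: add '-U 0'")
    if exposed:
        findings.append("non-loopback listen address: use '-l 127.0.0.1' or firewall the port")
    if udp_on and exposed:
        findings.append("unauthenticated UDP reachable from the network: usable as a reflector")
    return findings

if __name__ == "__main__":
    for label, conf in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(conf) or "no findings")
```

Pass `udp_default_on=False` when auditing hosts known to run 1.5.6 or later, where only an explicit non-zero `-U` turns the UDP listener on.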