Dive Brief:
- GitHub.com, a software development platform, was hit with a 1.35Tbps DDoS attack followed by a 400Gbps spike on Wednesday, according to a company announcement. It is the largest DDoS attack on record.
- The site was offline for only about 10 minutes thanks to the company's swift response. GitHub "detected an anomaly in the ratio of ingress to egress traffic" and then alerted engineers. The company decided to move traffic from a facility with more than 100Gbps of inbound traffic to Akamai, which could help ease the strain on network capacity.
- GitHub is looking into using its monitoring infrastructure to automatically enable DDoS mitigation providers, according to the announcement. The company said no data was compromised.
Dive Insight:
Last year, Radware predicted that cybersecurity was beginning to enter the "1Tbps DDoS era," and Wednesday's events proved just that. DDoS attacks are a crippling force for companies on the internet as hackers use botnets to launch DDoS attacks more catastrophic than ever before.
Until Wednesday, the largest DDoS attack on record was the 2016 attack on Dyn, which prompted the Department of Homeland Security to advise the private sector to install a more effective network of defenses.
More than a year after that historic attack, and despite best efforts, companies still fail to put sufficient redundancy measures in place. The influx of traffic becomes a "whack-a-mole type of game" when it comes to blocking millions of nodes sent a company's way.
While the notion of an incoming DDoS attack is unnerving on its own, hackers are only set back about $5 for a 300-second attack and $400 for a devastating 24-hour attack. On average, a DDoS attack costs about $25.
Companies need to be aware that a disruption in service is not always the main goal of a malicious actor. Instead, a DDoS attack can be used as a distraction for another, more destructive mode of attack.