Dive Brief:
- Last week's record-breaking 1.35Tbps DDoS attack on GitHub was dethroned by a 1.7Tbps attack directed toward a U.S.-based service provider, according to a NETSCOUT Arbor report released Monday. However, no outages were reported by the targeted service provider.
- The most recent attack leveraged "the same memcached reflection/amplification attack vector that made up the GitHub attack," according to the report. Memcaching is used for "speeding up dynamic web applications by alleviating database load," according to Memcached. Hackers can exploit the servers by "spoofing a target's IP address to the default UDP port" so that the servers return a much higher response rate to the target, reports ZDNet.
- Researchers believe these attacks are also coupled with a ransom demand, reports Ars Technica. Malicious actors leveraging the open servers are inputting "Pay 50 XMR" with a wallet address. The phrase is repeated continuously to try to exhaust available network bandwidth. The attack on GitHub featured the same technique with the same wallet address.
Dive Insight:
There's a newer and more severe form of DDoS attack emerging, but there are still hiccups in the hacker's actions.
For example, because the wallet address is repeated among attacks, the hacker has lost the ability to properly track who has paid the ransom and who has not, according to Ars Technica. Without automated tracking, the hacker cannot prevent another attack on a victim who already paid the ransom.
And as was seen in Nyetya, often called NotPetya, ransom demands are sometimes used as red herrings to draw attention away from more crippling impacts of a cyberattack.
However, regardless of flaws, hackers are still maturing their techniques and taking advantage of negligent practices. Hackers are leveraging open servers to their advantage, making security experts scramble to shut down memcached servers that are open to the internet.
But due to the existing high volume of open memcached servers, thwarting this level of attack will be all the more difficult, according to NETSCOUT Arbor.