Last week, both Cloudflare and Akamai confirmed one of the largest ever reported DDoS attack (distributed denial-of-service) on their client. A massive 1.35Tbps attack targeting one of the leading developer platforms in the world GitHub was launched using exposed “memcached” servers. Akamai said it was able to thwart the attack within 10 minute, thanks to its Prolexic services. GitHub uses Akamai for protection against DDoS attacks and for its content delivery network services.
So, why is memcached important? According to Akamai, it is used to boost the performance of websites – specifically database driven websites. It's used by sites like Facebook, Reddit, and Twitter (which has developed its own version of memcached called Twemcache) among others. However, as of July 2017, of the 106,001 servers that used memcached, over 69% were found vulnerable and could be susceptible to a remote hack.
The 1.35Tbps attack against GitHub was the largest attack seen to date, more than twice the size of the September, 2016 Mirai botnet attack and possibly the largest DDoS attack publicly disclosed. “Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long. Akamai's Prolexic service was able to mitigate the DDoS attack that enabled the developer platform used by organizations globally, to be available and running,” said Akamai.
Akami said that attacks of this size cannot be easily defended against by data center solutions, and require organizations to offload the attacks to cloud based DDoS protection services.
With Prime Minister Narendra Modi focusing on Digital India programme, there is growing digitalisation across the country, leading to now a large vector for cyber attack. Citing its Q3 of 2017 report, Akamai said it found that India (at 7%) was the third-largest source, ahead of China (at 6%), of global DDoS attack traffic. “As more businesses come online in the country and with the rising importance of data that businesses manage, it's imperative that they secure themselves against attacks of varying kinds,” said Akamai.