Data Backup Digest

While they still happen on a regular basis, the standard DDoS attack isn't as common as it once was. As many mission-critical networks embrace the latest innovations, like cloud computing and the IoT, IT experts encounter new threats almost daily.

But the traditional DDoS attack is – at least for some – still a part of the hacker's toolkit. In fact, 2018 had already recorded the largest DDoS attack in history – and it centered on GitHub. Thankfully, the team with GitHub detected the threat early enough and responded immediately – thus minimizing the damage. A follow-up post on their official blog reads, in part: "At no point was the confidentiality or integrity of your data at risk."

What is a DDoS Attack?

One of the oldest tricks in the modern hacker's repertoire, a DDoS (distributed denial-of-service) attack uses remote computers – anywhere from a few machines to thousands – to flood a particular website or service with more web traffic than it can handle.
In most cases, DDoS attacks are more of a nuisance than anything else. But they can cause system outages and even data loss if these networks don't have recent backups at the ready.

The Largest in History

The official post went on to state specific details of the event: "Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second."''

While a DDoS attack of this scale is unprecedented, it actually shows some parallels of past attacks. One specific incident, which occurred in 2016, also targeted GitHub as well as sites like Netflix, Twitter, Reddit and even the Internet infrastructure company Dyn.

Thankfully, the IT team with GitHub was fully prepared to address the attack and prevent any serious damage. But a company that lacks a skilled IT staff – like many startups and small businesses of today – would have experienced an extended system outage at the very least.

GitHub's official blog post wrapped up by stating: "Making GitHub’s edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement requires better automated intervention. We’re investigating the use of our monitoring infrastructure to automate enabling DDoS mitigation providers and will continue to measure our response times to incidents like this with a goal of reducing mean time to recovery (MTTR)."

Counteracting DDoS Attacks and Other Online Threats

While we cannot prevent DDoS attacks and other online threats, the recent incident with GitHub highlights the effectiveness of a skilled and knowledgeable IT staff. Not only did they demonstrate the knowledge in identifying the suspicious activity, but they displayed exceptional skill and reaction time by addressing the issue as soon as possible. As such, the world's largest DDoS attack in history can actually be used as a valuable learning experience for those who want to strengthen their network security.