Security news 2/3/2018
This week, GitHub was hit by the strongest DDoS attack recorded to date, peaking at about 1.35 Tbps https://www.wired.com/story/github-ddos-memcached/. The account of this attack also serves as a pretty good introduction to the whole problem.
- The attack was absorbed by Akamai Technologies' DDoS protection service, as a large number of prominent attacks have been recently. Akamai started out as a CDN and rose to the top of this market by buying the specialist firm Prolexic; DDoS protection is becoming big business.
- The flip side of that success is the grim position of organisations that, unlike GitHub, cannot afford commercial protection on this scale, because the cost of mounting an attack and the cost of defending against it are hugely asymmetric. Akamai does have a pro bono programme, but as the then-record DDoS attack on security journalist Brian Krebs showed (an attack that followed his exposure of some of the very DDoS-for-hire structures behind it), even pro bono protection has its limits: Akamai dropped him once the attack became too expensive to absorb. https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/ The last resort is then the charitable protection of the giant Google, Project Shield https://jigsaw.google.com/projects/#project-shield
- For once, the attack was not driven by botnets, which I have been complaining about in the last few newsletters, but by the abuse of publicly reachable Memcached servers as amplifiers, a phenomenon described publicly only a few days ago https://medium.com/@qratorlabs/the-memcached-amplification-attack-reaching-500-gbps-b439a7b83c98, building on the exploit https://drive.google.com/file/d/1zkep0_EJvRAsTA5mMn0HKi8L5lTYTJsN/view published a few months earlier. The mechanism is simple: a memcached server that answers on UDP turns a request of a few bytes into a reply of kilobytes, and since UDP involves no handshake, it happily sends that reply to a spoofed victim address. It turns out that the time from the announcement of a vulnerability to its massive exploitation is shortening brutally.
- The range of motives for a DDoS attack is almost endless and sometimes impossible to determine, and the "collateral damage" of an attack on a single company can cover half of Europe; both are demonstrated by the attack on encrypted email provider ProtonMail https://www.techrepublic.com/article/exclusive-inside-the-protonmail-siege-how-two-small-companies-fought-off-one-of-europes-largest-ddos/. Nobody can guarantee that what looks like simple extortion is not in fact cover for a state's political interest, and by paying the ransom the victim only digs himself a deeper grave.
- That DDoS is no longer just about money was noted by leading security experts back in 2016 https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html. When a real international conflict comes, we probably won't be posting our feelings about it on Facebook.
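As an added illustration of the memcached amplification mechanism behind the GitHub attack, here is example code written for this newsletter (it is not code from the original page, from the linked researchers, or from the memcached project). It builds the 8-byte UDP frame header that memcached's text protocol uses (request id, sequence number, total datagrams, reserved; documented in the project's protocol.txt), reassembles a multi-datagram reply, computes the amplification factor, and applies a simple heuristic to a flow record. The sample reply and the flow-record field names are constructed for the example; `probe_host` sends real traffic and is only meant for servers you administer yourself.

```python
"""Memcached UDP amplification: probe framing, reply reassembly and a
flow-record check. Added example for this newsletter, not code from the
original page or from the memcached project.

Memcached's UDP text protocol (see the project's protocol.txt) prefixes
every datagram with an 8-byte big-endian header: request id, sequence
number, total datagram count, reserved. A 15-byte "stats" request can
therefore return kilobytes spread over several datagrams, which is what
made open servers usable as reflectors.
"""
import socket
import struct

FRAME = struct.Struct("!HHHH")      # request_id, seq, total, reserved
MEMCACHED_UDP_PORT = 11211


def build_probe(request_id: int = 1, command: bytes = b"stats\r\n") -> bytes:
    """One datagram carrying a text-protocol command (single-datagram request)."""
    return FRAME.pack(request_id, 0, 1, 0) + command


def parse_frame(datagram: bytes):
    """Split a reply datagram into (request_id, seq, total, payload)."""
    if len(datagram) < FRAME.size:
        raise ValueError("datagram shorter than memcached UDP header")
    request_id, seq, total, _reserved = FRAME.unpack_from(datagram)
    return request_id, seq, total, datagram[FRAME.size:]


def reassemble(datagrams, request_id: int) -> bytes:
    """Order the datagrams of one reply by sequence number and join payloads.
    UDP gives no delivery guarantee, so a missing sequence number is an error."""
    parts = {}
    total = None
    for d in datagrams:
        rid, seq, tot, payload = parse_frame(d)
        if rid != request_id:
            continue                  # reply to some other request
        parts[seq] = payload
        total = tot
    if total is None or any(i not in parts for i in range(total)):
        raise ValueError("incomplete reply")
    return b"".join(parts[i] for i in range(total))


def amplification_factor(probe: bytes, replies) -> float:
    """Bytes coming back per byte sent: the number an attacker multiplies his
    bandwidth by (UDP payload only; IP/UDP headers would add a little more)."""
    return sum(len(r) for r in replies) / len(probe)


def looks_like_memcached_reflection(flow: dict, min_bytes_per_packet: int = 1000) -> bool:
    """Heuristic over a NetFlow-style record (field names are constructed here):
    UDP traffic *from* port 11211 in large packets is reflected reply traffic,
    whether your host is the reflector or the victim."""
    if flow["proto"] != "udp" or flow["src_port"] != MEMCACHED_UDP_PORT:
        return False
    return flow["bytes"] / max(flow["packets"], 1) >= min_bytes_per_packet


def probe_host(host: str, timeout: float = 2.0) -> float:
    """Send one stats probe to a host YOU ADMINISTER and return the observed
    amplification factor; 0.0 means no UDP reply, which is what you want."""
    probe = build_probe()
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(probe, (host, MEMCACHED_UDP_PORT))
        try:
            while True:
                data, _ = sock.recvfrom(65535)
                replies.append(data)
        except socket.timeout:
            pass
    return amplification_factor(probe, replies) if replies else 0.0


# Constructed sample reply: two datagrams of STAT lines, shaped like what a
# reflecting server returns for the 15-byte probe above (not captured traffic).
_STAT_LINE = b"STAT curr_items 0\r\n"                        # 19 bytes
SAMPLE_REPLIES = [
    FRAME.pack(1, 0, 2, 0) + _STAT_LINE * 70,                # 8 + 1330 bytes
    FRAME.pack(1, 1, 2, 0) + _STAT_LINE * 70 + b"END\r\n",   # 8 + 1335 bytes
]

if __name__ == "__main__":
    probe = build_probe()
    print(f"probe {len(probe)} bytes, reply {sum(map(len, SAMPLE_REPLIES))} bytes, "
          f"factor {amplification_factor(probe, SAMPLE_REPLIES):.0f}x")
```

The constructed reply already gives a factor of roughly 180x from a plain `stats`; public write-ups of the real attacks quote factors in the tens of thousands, because a `get` of a large value stored beforehand by the attacker returns far more than the stats table. The fix on the server side is to stop answering on UDP at all: start memcached with `-U 0` (memcached 1.5.6, released this week, makes that the default), bind it to localhost with `-l 127.0.0.1`, and block UDP 11211 at the network edge; `probe_host` against your own server should then return 0.0.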
Author: František Řezáč