GitHub has been hit by what may be the biggest DDoS attack in history, but was offline for just ten minutes. The service is used all over the world by developers looking to host and refine their code, making it an essential part of many companies.
According to GitHub network boss Sam Kottler, the February 29 attack peaked at 1.3 TB, making it larger than the Dyn cyber attack that took out websites across the US last year. The attack began at 17:21 and was mitigated by 17:30 thanks to Akamai's DDoS mitigation service.
The attackers abused Memcached instances to send huge amounts of data, amplifying the attack by up to 51,000. It's not the first time GitHub has been the target of DDoS attacks, with Chinese government suspected as one of the attackers in a five-day 2015 attack.
Over the past year, GitHub has been hardening its infrastructure, but it doesn't seem to have been enough in this case. In the future, it's promised to “[make] GitHub's edge infrastructure more resilient to current and future conditions of the internet and less dependent upon human involvement.”
Microsoft and GitHub
Kottler says the company is aware of how much businesses rely on GitHub to succeed, and that can't be take for Microsoft. Statistics last year revealed that the company has the most open source contributor on the platform, numbering at over 16,000.
Alongside Microsoft are over 331,000 active organizations that rely on the platform, with 5.8 million active users. It's essential that GitHub is able to mitigate such attacks in the future, and it seems to be on the right path. DDoS attack mitigations often takes over an hour, while GitHub's was completed in minutes.