A distributed denial-of-service (DDoS) attack similar to the one suffered by GitHub is highly likely to be repeated unless Memcached servers are disconnected from the Internet, according to Lily Hay Newman, writing for Wired magazine.
GitHub saw the volume of traffic on its network rise to 1.35 terabits per second at noontime on Feb 28, 2018, forcing the company to call on Akamai Prolexic, its provider of DDoS mitigation services. Akamai routed traffic to and from GitHub through its scrubbing centers to filter out all malicious data. Akamai was able to stop the DDoS attack in its tracks because it had put in place specific measures against DDoS attacks that target Memcached servers. Hackers may have chosen GitHub because it is a well-known service that would be impressive to disable. The hackers could also have been expecting a ransom from GitHub.
Memcached servers are designed to make networks and websites perform faster but should not be exposed to the public Internet. Hackers can reach exposed Memcached servers and send them a special command packet, to which the servers respond with a bigger reply. Attacks targeting Memcached servers, also known as amplification attacks, are becoming more frequent because they do not need botnets. Hackers merely have to spoof the IP address of their intended targets before sending small queries to multiple Memcached servers, which then send their bigger replies to the spoofed address. Such attacks degrade the ability of networks to handle online customer traffic.
The cybersecurity industry has started addressing the issue by asking owners of Memcached servers to put these systems behind firewalls on internal networks. Companies such as Akamai have also started installing filters that immediately block anomalous Memcached traffic. Internet backbone companies can also block Memcached packets, provided they know the actual attack command that launched the DDoS attack.
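
A configuration check for the exposure described above, as an added example that is not from the original article: it reads memcached start-up options (the real `-l`, `-p` and `-U` flags) and reports instances that listen on non-internal addresses, with or without UDP. The sample configurations, the finding codes and the choice to treat a missing `-U` as UDP enabled are assumptions made for this example.

```python
import ipaddress
import shlex

DEFAULT_PORT = 11211  # memcached's default port
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7")]

def parse_options(conf_text):
    """Map short flags to values from one-option-per-line config text."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '# ...' comments
        if tokens and tokens[0].startswith("-"):
            opts[tokens[0]] = tokens[1] if len(tokens) > 1 else ""
    return opts

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # hostname or host:port form: cannot prove it is internal
    return any(ip.version == n.version and ip in n for n in INTERNAL_NETS)

def audit(conf_text):
    """Return a list of finding codes for one memcached configuration."""
    opts = parse_options(conf_text)
    # With no -l, memcached listens on every interface (INADDR_ANY).
    addrs = opts.get("-l", "0.0.0.0").split(",")
    # Assumption: with no -U, UDP follows the TCP port (conservative reading).
    udp_port = int(opts.get("-U", opts.get("-p", DEFAULT_PORT)))
    non_internal = [a for a in addrs if not is_internal(a)]
    if non_internal and udp_port:
        return ["udp-exposed"]           # could answer spoofed UDP queries
    if non_internal:
        return ["tcp-exposed"]           # cache reachable from outside
    if udp_port:
        return ["udp-enabled-internal"]  # set -U 0 if UDP is not needed
    return []

# Constructed sample configurations, not taken from any real host.
SAMPLES = {
    "no-bind": "-m 64\n-p 11211\n-u memcache\n",
    "loopback": "-p 11211\n-l 127.0.0.1\n-U 0\n",
    "internal-udp": "-l 10.0.0.5\n",
    "public-tcp": "-l 203.0.113.10\n-U 0  # documentation-range address\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(name, audit(conf) or ["ok"])
```

A bind address alone does not show what a firewall permits, so a finding here is a prompt to check the network path, not proof of exposure.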