#CyberSecurityPulse: Biggest-Ever DDoS Attack Hits Github Website

March 5, 2018
At the end of 2016, a DDoS attack on DynDNS blocked major Internet sites such as Twitter, Spotify and PayPal. The Mirai botnet was used to take advantage of the full bandwidth of thousands of Internet-connected devices. However, last Wednesday 28th of February we witnessed the largest DDoS attack ever seen on the GitHub website, reaching a record 1.35 Tbps and 126.9 million packets per second.

Interestingly, the attackers did not use any botnets, but miscondivd Memcached servers to amplify the attack. Memcached operation is based on a distributed hash table. To prevent misuse of Memcached servers, administrators should consider firewalling, blocking or rate-limiting UDP on source port 11211 or completely disable UDP support if not in use. In this sense, Akamai estimates that at least 50,000 servers are vulnerable.

In fact, Arbor has confirmed this week a new attack with similar characteristics to the one perpetrated against Github, reaching 1.7 Terabits, 0.4 higher than last week. Although it has not communicated the name of the protected client, the company has indicated that it is a corporation based in the United States, which would have suffered from the same amplification vector of previous days relying on servers of the memcached type.

More information at GitHub

Top Stories

More Than $2 Million Worth of Bitcoin Mining Equipment Stolen in Iceland

The thieves stole a multitude of material including 600 graphics cards, 100 processors and 100 motherboards as well as many other mining hardware as was recorded by the security cameras of Advania, one of the companies that has been affected by two incidents in the last months. Iceland has become an interesting country for those engaged in cryptocurrency mining, considering that renewable energy, which represents almost the 100% of the energy generated in the country, is cheap and affordable. Police efforts are trying to track down the thieves by paying special attention to any spike in energy consumption all around the country in an investigation that remains open despite the first arrests already taking place.

More information at The Hacker News

German Government's Stolen After Computer Infiltration

In December 2017 the German government identified a serious intrusion into systems and networks linked to its government. Spokesman Johannes Dimroth has confirmed this while added that it is being treated as a high-priority incident. Some other sources cite that the infection could have been active for a year. The German Ministry of Interior, has identified the culprits as being linked to APT28 (also known as Fancy Bears), a group allegedly linked to Russia after taking part in incidents such as the security breach of the Democratic Party prior to the last US presidential elections or the French elections held in 2017.

More information at Reuters

Rest of the Week´s News

Coinbase Will Send Data on 13,000 Users to IRS

Coinbase has now formally notified its customers that it will be complying with a court order and handing over the user data for about 13,000 of its customers to the Internal Revenue Service. The company, which is one of the world's largest Bitcoin exchanges, sent out an email to the affected users on Friday, February 23. The case began back in November 2016 when the IRS went to a federal judge in San Francisco to enforce an initial order that would have required the company to hand over the data of all users who transacted on the site between 2013 and 2015 as part of a tax evasion investigation.

More information at Coinbase

US Intel Says Russia Launched False Flag Olympics Cyberattack

Russian military spies hacked several hundred computers used by authorities at the 2018 Winter Olympic Games in South Korea, according to U.S. intelligence. They did so while trying to make it appear as though the intrusion was conducted by North Korea, what is known as a false-flag operation, said two U.S. officials last week who spoke on the condition of anonymity to discuss a sensitive matter.

More information at Washington Post

A Simple Bug Revealed Admins of Facebook Pages

Egyptian security researcher Mohamed A. Baset has discovered a severe information disclosure vulnerability in Facebook that could have allowed anyone to expose Facebook page administrator profiles, which is otherwise not supposed to be public information. Baset said he found the vulnerability, which he described as a "logical error," after receiving an invitation to like a particular Facebook page on which he had previously liked a post.

More information at Seekurity

Further Reading

UK Think Tanks Hacked By Groups in China

More information at BBC

Hacker Returns 20,000 ETH Stolen During CoinDash ICO

More information at ZDNet

New Attacks on 4G LTE Networks Can Allow to Spy on Users and Spoof Emergency Alerts

More information at Security Affairs