US service provider survives the biggest recorded DDoS in history

A new technique that abuses poorly secured servers is fueling record-breaking denial-of-service attacks, along with notes demanding the targets pay hefty ransoms for the debilitating flood of junk traffic to stop. Memcached, a database caching system for speeding up websites and networks, lets DDoS vandals amplify their attacks by an unprecedented factor of 51,000. That means a single home computer with a 100 megabit-per-second upload capacity from its ISP is capable of bombarding a target with a once-unimaginable 5 terabits per second of traffic, at least in theory. Following the discovery that DDoS vandals in the wild were abusing open memcached servers, researchers predicted a new round of record attacks. Two days later, DDoS mitigation service Akamai/Prolexic reported the 1.3Tbps attack against Github, just slightly topping previous records set in 2016.

On March 5, researchers from a separate DDoS mitigation service, Arbor Networks, reported a 1.7Tbps DDoS that also relies on the newly documented memcached amplification method. The attack targeted an unnamed customer of a US-based service provider. Despite being the largest reported DDoS on record, the customer and ISP reportedly didn't buckle.