Death by a thousand packets

Last night some negative actors (or bored teenagers) were hard at work launching distributed denial of service attacks against the popular note-taking site Evernote and the RSS aggregator Feedly.

Last night some negative actors (or bored teenagers) were hard at work launching distributed denial of service attacks against the popular note-taking site Evernote, the music site Deezer and the RSS aggregator Feedly.

At the time of this writing, Evernote had not posted much information about their attack beyond three posts in their Twitter timeline. The details are unclear in this particular instance.

 

They are now back up and running. Feedly also suffered an attack last night. In this case they were being attacked by criminals who were demanding that they pay a ransom or be knocked offline. To their credit they told the criminals to go pound sand. 

From Feedly:

2:04am PST – Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.

Good for them. This is a problem that won't go away. If you pay once, there is nothing to stop them from returning for more money later.

This week Akamai (full disclosure: my day job) released an advisory discussing this very problem. There has been a noticeable increase in extortion-based attacks.

From Akamai:

Attackers are using reflected UDP to launch direct-to-origin denial of service attacks at e-commerce sites, then demanding payment to stop the attacks, CSIRT's Mike Kun wrote in an advisory.

"We have seen these extortion attempts target e-commerce and retail sites, as well as online collaboration sites, but all sectors are vulnerable," Kun wrote. 

So, this raises the question: what are you doing to defend your site? It is fairly safe to say that this problem won't get better any time soon.

(Image used under CC from Morgan)
