The cloud-based news and information aggregating service Feedly was knocked offline for an extended period of time earlier this week when it suffered an aggressive distributed denial-of-service attack.
The attackers demanded a ransom in exchange for stopping the service disruption, but Feedly officials said in a statement that they had no intention of paying the criminals. They went on to say that the site was working with law enforcement and with other victims of the same group. The site was able to make changes to its infrastructure to restore accessibility, but many of Feedly’s 12 million users were left without account access during the attack. A few hours after the strike was initially announced, services gradually became available.
“Criminals are attacking Feedly with a distributed denial-of-service attack,” the site wrote in a blog post. “The attacker is trying to extort us money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best we can. We are working in parallel with other victims of the same group and with law enforcement. Please know [your] data is safe and you will be able to re-access your feedly as soon as the attack is neutralized.”
The note-taking app Evernote and music-streaming service Deezer also fell victim to DDoS attacks this week, presumably perpetrated by the same group.
DDoS attacks on the rise
DDoS attacks do not require much skill, and many don’t consider them to be hacking because a target’s security is never bypassed. Even so, they are an effective way of getting attention and causing problems for millions of users, and because of that, their use won’t be going away anytime soon. In fact, the past few years have seen the power of DDoS strikes dramatically increase.
The power of an average attack more than doubled between 2011 and 2013, going from 4.7 gigabits per second (Gbps) to 10.1 Gbps, according to Verizon’s data breach investigation report published in April. Attacks of 100 Gbps or more are becoming increasingly common, and some as high as 400 Gbps have been documented.
The growth in attack power is due to a new strategy in which attackers use super botnets made of servers, which have orders of magnitude more bandwidth and processing power than traditional botnets. Automated exploit kits, which are easily available in underground forums, have also added to the increase in severity. Use of amplification methods is growing as well: attacks are altered to abuse the Internet’s Network Time Protocol (NTP) and to target poorly secured Domain Name System (DNS) servers.
Ransom demands don’t always accompany DDoS attacks, but they are the trademark of financially motivated cybercriminals. Marc Gaffan, chief business officer and founder of anti-DDoS provider Incapsula, told Dark Reading that attackers typically demand intentionally low amounts, between $300 and $800, so targets will pay the money quickly and avoid a lengthy standoff. However, there is still the occasional attacker who asks for an exorbitant amount of money and won’t end the disruption until it’s paid.
“A lot of software-as-a-service companies are getting extorted and, believe it or not, for ridiculous amounts of money,” said Gaffan.
Feedly and the other victims haven’t released details on the strikes, but Gaffan believes they are likely network-based attacks mixed with elements of a layer seven attack that overloads an application’s servers.
DDoS expert and principal strategist for F5 Networks Barrett Lyon agreed that Feedly probably suffered a multi-pronged attack, especially because it took so long for the network to recover.
“It could be going to all kinds of different layers of their network,” said Lyon. “We are seeing mixed attacks” that are a combination of NTP and DNS reflection and application layer attacks. “They typically go after several sites in the same community and end up focusing on one site, moving on to another. The sites go up and down at various times.”
Protecting enterprise networks
While the frequency of DDoS attacks is increasing, a reliable way to protect enterprise networks from being affected is to employ a dedicated private cloud solution. The majority of cloud-based applications being targeted are public services, which leaves them more vulnerable to attacks. Attackers are much less likely to target a dedicated enterprise network than a public service, because the overall effect would be smaller. Private cloud platforms allow the same mobility and flexibility as public options, but offer greater privacy and security.