June 11, 2014
Evernote, Feedly Both Affected By Distributed Denial Of Service Attack
Peter Suciu for redOrbit.com - Your Universe Online
On Tuesday Evernote reported it was hit with a distributed denial of service (DDoS) attack, and it was unavailable for most of its 100 million users. The service announced the outage on Twitter on Tuesday evening.
"We're actively working to neutralize a denial of service attack. You may experience problems accessing your Evernote while we resolve this," read the company's tweet at 4:38 pm PT.
An hour later, the popular online note-taking service confirmed it was the victim of a DDoS attack. Evernote spokeswoman Ronda Scott told Cnet on Tuesday evening that the attack began around 2:35 pm PT, but the company had the problem resolved by 6:15 pm PT.
"We expect that there may be a hiccup here and there in the coming hours, but Evernote is now accessible," Scott told Cnet. "We do not know its specific origins and this is the first time Evernote has been impacted by a DDoS attack. I can confidently report as is the usual case with these types of attacks, no accounts were compromised and no data was lost."
That could have been the end of the story, but on Wednesday morning the website Feedly was also hit by a DDoS attack. However, this was no mere attack. It was actually conducted to hold the site for ransom, with attackers demanded payment to stop it.
"Criminals are attacking Feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can," Feedly CEO Edwin Khodabakchian posted at just after 2:00 am PT on Wednesday morning. "We are working in parallel with other victims of the same group and with law enforcement."
By 6:30 am PT the company was able to confirm it was making changes to its infrastructure to bring the service back online.
“It appears as though we are seeing another example of a damaging DDoS attack, impacting revenue generating web properties," said Dave Larson, CTO of Corero Network Security. "With over 100 million users worldwide, Evernote most likely manages significant infrastructure to support all of their customers. A DDoS attack that could take a network of this size and sophistication down had to have been significant and complex.
"The attack began yesterday afternoon, and within just a few hours after the attack had been identified, Evernote was able to successfully mitigate the attack, and resume services," Larson told redOrbit via email. "Evernote most likely had an effective incident response plan in place to deal with such situations and were therefore able to ensure that service disruption was kept to a minimum."
DDoS attacks do not typically cause breaches of user data but instead overwhelm a company's servers with a massive amount of data – which in turn makes it impossible for the site to be accessed by legitimate users.
"The companies have suggested that the DDOS attacks are being perpetuated by an unknown entity demanding payment for [sic] to stop," said Charles King, principal analyst at Pund-IT. "That makes this an example of online extortion with the perpetrator being little more than a bully asking for a smaller kid's lunch money or a thug offering business owners 'protection' against damages to their places of business."
Just as the thug can ruin a business, so too can this type of attack, warned King.
"Those are pretty conventional scenarios but where the Evernote and Feedly examples become concerning is in the competitive nature of online business," King told redOrbit. "Service providers like Evernote and Feedly succeed by delivering easy, seamless access to simple, common services. If those services are interrupted for sustained periods, the companies' customers will probably consider, try and perhaps stay with new services. That makes these attacks more serious than simple theft since, if unchecked, they could result in significant financial and competitive losses."
Moreover, "Ransom attacks are a large threat to the growing digital economy," added Chris Morales, practice manager for architecture and infrastructure with security firm NSS Labs. "While old in nature, the discovery of new ways of performing DDOS attacks with unsecure internet protocols (NTP) requiring small requests that lead to massive traffic spikes, a large number of infected devices on the Internet participating in botnets where the attacks emanate simultaneously, and now common usage of multi-vector DDOS attacks, make DDOS attacks very successful and difficult to defend against.
"It is worth noting that Evernote operates its own infrastructure as of 2011 and no longer uses cloud infrastructure," Morales told redOrbit. "While not a statement of better or worse capabilities, it would be interesting to me to know what their total bandwidth capabilities are in relation to what a cloud computing provider could offer."
This is not the first high-profile attack on Evernote. The website last year was the victim of a cyber-attack that compromised the company's servers. In that attack the hackers were able to access usernames and email addresses in addition to encrypted passwords.
PROTECT YOURSELF TODAY - Norton Antivirus