Evernote’s Major DDoS Hit And 3 Business Steps You Must Take
By Leo King, Forbes | June 11th, 2014
A major DDoS hit at Evernote, which for four hours prevented all of its 100 million note-taking customers from logging in and continued to affect the company’s ability to operate, demonstrates a growing DDoS cyber war that businesses must learn how to win.
Your business must choose among three essential steps now, either to reduce the chance of a successful DDoS attack or to mitigate the effects of an ongoing one (see “Three Steps You Must Take” below).
[UPDATE:] DDoS protection efforts may not always work, and are expensive, as readers point out. The steps may also suit larger businesses given the investment required. But with the risk of loss, many businesses are considering the options.
DDoS (distributed denial of service) attacks are fast becoming the number one cyber threat that businesses face, yet businesses have little idea how to tackle them. Research now shows that nearly two thirds of companies were the victim of a DDoS attack last year alone, with the sizes of attack growing far more quickly than businesses’ network bandwidth.
The attack on Evernote, which is being beaten but continues to affect some users a day on, is “another example of how very established, long known types of attacks are becoming more widespread and common”, according to Adrian Davis, EMEA managing director at high profile security and training organization (ISC)2.
The Evernote security incident entirely prevented all of the company’s users from logging in for four hours, and many of those who did later achieve access experienced severe disruption to their ability to synchronize important organizational notes between their tablets, laptops and phones, effectively nullifying one of the most important features of the technology.
Company spokeswoman Ronda Scott says Evernote uses “network-level technologies that are used to mitigate attacks like these”. She adds that “no accounts were compromised and no data was lost”.
Widespread DDoS Chaos
In a typical DDoS attack, cyber criminals take control of thousands of PCs globally, forcing them to ram a company’s network with hundreds of Gigabits of data, overpowering the company and disabling its infrastructure. They often demand huge amounts of money to stop the attack (in Evernote’s case, the company has not disclosed whether it knows the reason for the attack or if it received any demands from the criminals).
A recent report by real-time analysis firm Neustar states that over half of companies hit with a DDoS attack were subsequently the victims of financial, data or IP theft. Attacks generally last up to a day, but rely on huge bandwidth usage, with a paper by Arbor Networks noting that attacks of over 400 Gbps – enough to flatten almost any corporate network – are now increasingly common.
Losses can cost over $1 million per day, the research finds. In addition, consumer confidence is often irreparably damaged.
Davis at (ISC)2 says that while DDoS attacks tend to have a temporary disruptive impact, they “have been used in the past to distract from other attacks, such as a financial fraud”.
“We have seen quite a few attacks in the last two weeks,” Davis says. “There is a whole service industry providing botnet services; software tools, manuals and helpdesks providing for a market that consists of criminals, hacktivists and so on, which is helping the proliferation of the attacks.”
Such services have been used to attack a variety of businesses right up to major US banks, such as the 2013 attack by the Cyber Fighters of Izz ad-din Al Qassam, who claimed credit for taking down the websites of more than a dozen US banks for hours at a time. Davis notes: “The largest of these types of attacks can even affect the internet itself, such as the Spamhaus incident last year [which slowed global web speeds].”
Randy Gross, chief information officer at technology industry body CompTIA, tells Forbes that with increased computing capability, bandwidth and targets, “it’s a nonstop war”. DDoS attacks, he says, “can be as straightforward as just knocking a website offline, or can quickly escalate to the ransom activities”.