Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Feedly, Evernote Hit With DDoS Attacks

RSS aggregator Feedly was hit with a distributed denial-of-service attack and an extortion demand today, both of which it is refusing to bend to.

RSS aggregator Feedly was hit with a distributed denial-of-service attack and an extortion demand today, both of which it is refusing to bend to.

According to the Feedly blog, cybercriminals began attacking the service at 2:04 a.m. PST and offered to stop the attack in exchange for money. The company refused to pay, and began working its network providers to mitigate the attack. In a message posted at 6:25 a.m. PST, the company wrote that it is making some changes to its infrastructure to bring the service back online.

“However, these things take some time to put into place and it may still be a few more hours before service is restored,” the company stated. “Thank you so much for your patience and for sticking with us. Remember, none of your data was compromised or lost in this attack.”

Joining Feedly among the ranks of businesses hit by DDoS attacks is Evernote, which was struck by an attack yesterday. It has since recovered.

“As is the nature of DDoS attacks, there was no data loss, and no accounts were compromised,” a spokesperson for Evernote told the BBC.

The exact size and nature of the DDoS attacks was not disclosed. Last month, security researchers at Akamai Technologies reported that they had observed a spike in Simple Network Management Protocol (SNMP) reflection attacks that started in April. In addition, researchers at Black Lotus predicted recently that new distributed reflected denial-of-service threats would likely lead to massive attacks in excess of 800 Gbps during the next 12 to 18 months. 

“A denial-of-service attack is unwelcome news, and angers customers who can’t access their data,” blogged security researcher Graham Cluley. “But it’s nothing like as bad as having your servers hacked and customer information stolen.”

Cluley blogged that he admired Feedly’s decision to ignore the demands of the attackers. Extortion schemes such as these are hardly new. Earlier this year for example, criminals targeted Basecamp and Meetup.com with DDoS attacks and issued similar demands.  

Advertisement. Scroll to continue reading.

“It’s right not to give in to the blackmailers who are essentially running an extortion racket, demanding that the cloud service pay up or be taken offline with their DDoS attack,” he blogged. “The danger of paying DDoS blackmailers is that you’re only encouraging them to attack you more, perhaps increasing their financial demands next time.”

“Let’s hope that whoever is behind the Feedly attack is identified, and brought to book,” he added.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.