Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Feedly, Evernote Hit With DDoS Attacks

RSS aggregator Feedly was hit with a distributed denial-of-service attack and an extortion demand today, both of which it is refusing to bend to.

RSS aggregator Feedly was hit with a distributed denial-of-service attack and an extortion demand today, both of which it is refusing to bend to.

According to the Feedly blog, cybercriminals began attacking the service at 2:04 a.m. PST and offered to stop the attack in exchange for money. The company refused to pay, and began working its network providers to mitigate the attack. In a message posted at 6:25 a.m. PST, the company wrote that it is making some changes to its infrastructure to bring the service back online.

“However, these things take some time to put into place and it may still be a few more hours before service is restored,” the company stated. “Thank you so much for your patience and for sticking with us. Remember, none of your data was compromised or lost in this attack.”

Joining Feedly among the ranks of businesses hit by DDoS attacks is Evernote, which was struck by an attack yesterday. It has since recovered.

“As is the nature of DDoS attacks, there was no data loss, and no accounts were compromised,” a spokesperson for Evernote told the BBC.

The exact size and nature of the DDoS attacks was not disclosed. Last month, security researchers at Akamai Technologies reported that they had observed a spike in Simple Network Management Protocol (SNMP) reflection attacks that started in April. In addition, researchers at Black Lotus predicted recently that new distributed reflected denial-of-service threats would likely lead to massive attacks in excess of 800 Gbps during the next 12 to 18 months. 

“A denial-of-service attack is unwelcome news, and angers customers who can’t access their data,” blogged security researcher Graham Cluley. “But it’s nothing like as bad as having your servers hacked and customer information stolen.”

Cluley blogged that he admired Feedly’s decision to ignore the demands of the attackers. Extortion schemes such as these are hardly new. Earlier this year for example, criminals targeted Basecamp and Meetup.com with DDoS attacks and issued similar demands.  

“It’s right not to give in to the blackmailers who are essentially running an extortion racket, demanding that the cloud service pay up or be taken offline with their DDoS attack,” he blogged. “The danger of paying DDoS blackmailers is that you’re only encouraging them to attack you more, perhaps increasing their financial demands next time.”

“Let’s hope that whoever is behind the Feedly attack is identified, and brought to book,” he added.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...