DDoS attacks knock Feedly offline for second day running
RSS service restored after four hours offline as extortion scheme continues
Computerworld - RSS aggregator Feedly today went dark for the second time in two days as another wave of distributed-denial-of service (DDoS) attacks knocked it offline.
At approximately 10:30 a.m. ET (7:30 a.m. PT), Feedly acknowledged that it had again been targeted by cyber criminals, who seem bent on crippling the RSS provider.
"The ops team has reviewed the attacks and is working on building a second line of defense to neutralize this second attack," said company officials, including Edwin Khodabakchian, Feedly CEO, in a brief status update on the firm's blog.
After a four-hour outage, Feedly was restored at 2:30 p.m. ET, 11:30 a.m. PT.
On Wednesday, Feedly was offline for about 13 hours after a DDoS attack kicked off overnight.
"The second line of defense is up and wave #2 has been neutralized," the company said today.
Yesterday, Feedly said that the attackers had demanded payment to stop their DDoS assault. Feedly rejected the blackmail attempt. "We refused to give in," said Khodabakchian.
It's not unusual for sophisticated DDoS attackers to swamp servers as part of an extortion plot, even though many attacks are politically or ideologically motivated, and no demands are made. The high-profile attack against Feedly -- which assumed the most-popular RSS aggregator mantle after Google pulled the plug last year on Google Reader -- may tip more criminals toward a ransom strategy.
"Although Feedly came out and said they wouldn't pay, we will likely see an increase in this type of behavior and incentivize more attackers to launch DDoS attacks that have ransom demands attached to them," argued Fred Kost, vice president of security solutions at Ixia, a California vendor that sells network testing, monitoring, optimization and security products.
"These criminals are determined to try to extort some money and we are determined to say no to extortion and focus on building a stronger Feedly instead," the firm pledged today.
Third-party RSS applications, which use Feedly as either their only feed source or one of several, were also unable to collect updates from Feedly during the two outages.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts