The recent attacks on Evernote and Feedly demonstrate how a well-placed DDoS attack can affect users all over the world. The two popular services suffered service interruptions as criminals carried out a DDoS attack in an attempt to extort a ransom. Feedly refused to pay and was able to bring its service back online after several hours. Evernote was only offline for a short time, with sporadic service problems throughout the day. Evernote has not commented on any demand for ransom.
DDoS attacks are increasing in scope and frequency, but unless you're in a related industry or you're a tech savvy individual you probably haven't noticed. Today's consumer is aware of ID theft and similar crimes, but not as familiar with DDoS. That's going to change as stories of DDoS related crimes creep into mainstream news.
Evernote has over 100 million users as of May, and Feedly boasts 15 million users as of April. These services are designed for consumers, prosumers, and company teams through Evernote Business. Almost every type of individual on the Internet was affected by a DDoS attack over the past couple of days. Many of them will be hearing about DDoS attacks and botnets for the first time this week.
It's important to note that Evernote and Feedly have both stated that no user data was compromised. It's equally important to note that DDoS attacks are often used to distract the victim from the real purpose of the attack, and that sometimes intrusions and data loss aren't discovered for years.
So as a business, what can you do to protect your applications from DDoS attacks? I'm always going to start by recommending a Barracuda Web Application Firewall, which has multiple layers of DDoS protection. Network security devices like the Barracuda Firewall and Barracuda NG Firewall will also protect your company from DDoS attacks, intrusions, and data loss.
Make sure that you have plenty of bandwidth. The more bandwidth you have, the harder it is for a DDoS attack to block traffic. You're going to see some additional costs here though, and bandwidth can get expensive. You should also talk to your ISP about DDoS mitigation. Find out what they can do to help you in the event of a DDoS attack.
You should also be sure to prepare for an attack in advance. Benchmark your traffic and set up triggers to alert you when there is a spike. Know how to identify an attack pattern (aka ‘fingerprint') and how to block that pattern in your firewall and other devices. Create a response plan in advance so that you know how to deploy your resources in the event of an attack.
Barracuda can help protect you from these attacks. Get us on the phone or just order a 30-day risk-free demo unit to learn how our DDoS protection works. Our solutions are powerful, affordable, and easy to use.