DDoS attacks have increased a lot lately while the victim companies are trying their best to protect user data.
In a bid to extort money from big online services, cyber criminals have increased their intensity of DDoS (Distributed Denial of Service) attacks lately. RSS reader and feed-synching platform Feedly and popular note-making service Evernote are among the latest victims of such attacks. Some other recent victims of DDoS attacks include Meetup, Basecamp, Vimeo, Bit.ly, Namecheap, Plenty of Fish and Moz.
As the frequency of such attacks has increased, DDoS attackers have discovered new and more powerful ways of attacks by exploiting insecure internet protocols like NTP (Network Time Protocol). If such attacks had happened last year, they would be considered a great achievement in terms of exploiting IP security.
The recent DDoS attack on Meetup was one of attacks based on NTP DDoS attack which took the company's website and accompanying mobile services down for several days. Online security experts say that the NTP-style attacks are far too powerful than traditional DDoS attacks.
How does a DDoS attack work?
Basically DDoS attacks affect the web servers of an online service by sending huge amounts of traffic which can overload the receiving ports. This causes the servers to crash thus taking the website down with it. Earlier, attacks on DNS infrastructure was the favorite among DDoS attackers.
This map here shows a nice layout of where the sites are being hit with DDoS attacks every day. Experts say that most of the DDoS attacks have emerged from China which even though doesn't imply that the attacker may be based in China but the compromising PCs are running there.
Till latest reports, Evernote has tweeted that its up and running again even though users might face some "hiccups."
Evernote is up and running. There may be a hiccup or two for the next 24 hours. We appreciate your patience.
— evernote (@evernote) June 11, 2014
Feedly has said it take some time till the site is totally restored and also claims that users' data has not been compromised, according to its blog post.
Source: TechCrunch