Evernote Knocked Out By DDoS

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Cloud service went down as a result of a DDoS attack launched late yesterday

Cloud productivity software provider Evernote was hit by a distributed denial of service (DDoS) attack yesterday, affecting the service through to this morning.

The company reported the attack last night, after people complained of not being able to access the service online and being prevented from syncing files. Evernote has a client that can be used to host files natively.

Evernote DDoS trouble

EvernoteAt around midnight in the UK, Evernote said it was dealing with an “issue” and the service was unavailable.

An hour later, the company tweeted: “We’re actively working to neutralize a denial of service attack. You may experience problems accessing your Evernote while we resolve this.”

At around 4am, the company tweeted again: “Evernote is up and running. There may be a hiccup or two for the next 24 hours. We appreciate your patience.”

There is little indication of who was behind the attack, itself a concern as it’s proven big cloud services can be knocked offline by a DDoS, where networks are overloaded with traffic.

DDoS attacks have been given turbo boosts in recent months through amplification, where attackers are able to reflect traffic from servers, such as those running the Network Time Protocol, that generate massive responses from small requests, before diverting the masses of data back to their target.

“What is unclear is why Evernote was targeted. Frequently denial-of-service attacks might be instigated by hackers who have a grudge against a particular company or user of the company’s service, or with the intention of extorting payment for a return to normal service,” said independent security expert Graham Cluley in a blog post.

Fortunately for Evernote and its customers, no data was actually taken due to the nature of the attack, unlike an event last year, when the company asked its users to change their passwords following a breach.

After finding some anomalies on its network, it ordered the password reset, but said there was no evidence of hackers accessing private user content or payment details.

How well do you know Internet security? Try our quiz and find out!

Read also :