Content Delivery Network
No major attack against website operators
By Lotem Finkelsteen, Head of Threat Intelligence at Check Point Software Technologies
After the failure of the cloud service company Fastly, which led to the temporary inaccessibility of many large websites, a similar disruption happened a few days later. The sites and apps of many corporations were no longer accessible. Among them were major US airlines, such as Delta Air Lines, and Australian banks. In addition, the site of the Hong Kong Stock Exchange failed.
It is the second time this month that the world has experienced a major outage of many Internet services, and once again the cause lies with one of the leading content delivery network (CDN) providers. This time, an incident in Akamai's distributed denial-of-service (DDoS) mitigation platform, Prolexic, caused many websites to become unavailable. Although it may seem that these companies suffered a well-coordinated failure at the same time, it is in fact a fault at the CDN provider. Meanwhile, it looks as if the cause has been fixed and the affected companies can go back online.
In this context, it is important to understand the function of a CDN: it creates replicas of web pages for their owners to enable load balancing. Thus, not every user in the world has to access one central server, which can be overloaded at high access rates. Instead, the requests are spread across different replicas hosted on other servers, even in other countries. For example, the original server of a site could be in San Francisco, but there are replicas in Paris, Manhattan, Tel Aviv and Hong Kong. Everyone is directed to the server closest to their device, which greatly speeds up the connection. If the CDN fails, all replicas will no longer be available and no one will be able to retrieve the contents of the original server.
The cause of the outage is still unknown and there are many possible leads, but the event is reminiscent of a similar incident in October 2016, when the Mirai botnet paralyzed several high-profile targets with distributed denial-of-service (DDoS) attacks. Mirai was an IoT botnet that gained control over cameras and other networked devices and made them send requests to a specific server, that of Dyn, in order to shut it down. Dyn is a DNS company that serves many brands such as Twitter, BBC and Reddit.