The popular news aggregator Feedly is being targeted by criminal elements in a distributed denial of service (DDoS) attack extortion scheme that had temporarily rendered the service inaccessible by its users.
“Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort us money to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can,” company representatives said in a statement.
The attack began just hours after Evernote, the online “remember everything” service, suffered a similar denial of service attack, though it is not clear at this time if the two events are connected.
“Evernote service is currently unavailable. We are working to resolve the issue. Updates to follow. Thanks for your patience,” the company said in its status portal. “We’re actively working to neutralize a denial of service attack. You may experience problems accessing your Evernote while we resolve this.”
Given that Feedly’s statement made note that the company was “working in parallel with other victims of the same group and with law enforcement,” and Feedly and Evernote work closely in the services they provide users, it is probable the same attackers are targeting both organizations.
“We’re making some changes to our infrastructure that will allow us to bring feedly back online. However, these things take some time to put into place and it may still be a few more hours before service is restored. Thank you so much for your patience and for sticking with us,” Feedly said. “Remember, none of your data was compromised or lost in this attack.”
Incapsula’s Marc Gaffan says that while the attacks on Feedly and Evernote are important and troubling, he noted that they were executed in the same week that Anonymous announced they were prepping a widescale attack on FIFA’s World Cup sponsors is even more troubling.
“Often prior to a large attack, hackers will engage in preliminary attacks to flex their muscles. Guaranteeing that when the real strike comes, all resources will be working at their highest capacity,” Gaffan said.
“Further evidence of this is that some of the official government sites we work with have seen an escalation in DDoS activity in the last week. What we’re seeing with Evernote and Feedly might just be a prelude to the real show.”