Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 28 May, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

20GB DDoS knocks Basecamp offline after blackmail refusal

by The Gurus
October 20, 2020
in Editor's News
Share on FacebookShare on Twitter

Project management website Basecamp was hit by a 20 Gbps distributed denial-of-service (DDoS) attack and blackmail attempt yesterday.

In a statement, Basecamp said that the attack targeted the network link between its servers and the internet. “This is like a bunch of people blocking the front door and not letting you into your house. The contents of your house are safe – you just can’t get in until they get out of the way,” it said.

“We’re doing everything we can with the help of our network providers to mitigate this attack and halt the interruption of service. We’re also contacting law enforcement to track down the criminals responsible. But in the mean time, it might be a rough ride, and for that we’re deeply sorry.”

Basecamp said that the attack began at 8.46am central time (1.46pm GMT), and was over around an hour later. “There is unfortunately no single, quick fix to these attacks, so we regretfully ask for your patience in advance. As said, we’re doing everything we can, and will work as quickly as possible, but it’s impossible to give a clear timeline for ultimate resolution.”

The statement said that it would never negotiate with criminals, and would not “succumb to blackmail”. Within ten minutes of the attack beginning, Basecamp said that those delivering the DDoS hit other websites last week, and it encouraged other websites to get in contact so it can compare notes on both technical defenses and the law enforcement effort to hunt them down.

Daniel Korel, security analyst at DOSarrest Internet Security, said that it is fairly easy for someone with relatively little knowledge and malicious intent to rent a botnet or exploit known vulnerabilities in public systems, generating large amounts of traffic at their target.

“With the anonymity of the internet to hide behind, it can be an attractive proposition for an attacker to attempt to extort a high-traffic websites such as Meetup and Basecamp for money,” he said.
David Heinemeier Hansson, founder & CTO at Basecamp, said that the attackers tried to extort it for money, it refused to give in and worked with its network providers to mitigate the attack.

“We’ve been in contact with multiple other victims of the same group, and unfortunately the pattern in those cases were one of on/off attacks. So while things are currently back to normal for almost everyone (a few lingering network quarantine issues remain, but should be cleared up shortly), there’s no guarantee that the attack will not resume,” he said.

Russ Spitler, VP product strategy at AlienVault, said: “DDoS is a rather unsophisticated attack and unfortunately these days, the easy access to distributed botnets or amplification techniques make large scale attacks feasible for rather insignificant attackers. I applaud the fact that Basecamp refused to negotiate with these attackers – just like kidnapping we won’t see the end of this type of exploitation disappear until we have a consistent ‘no-negotiation’ policy across the internet.

“The shame of this type of attack is small companies like Basecamp are stuck between paying for protection or paying the attackers. My guess is that our small unsophisticated attackers are picking on the businesses they know, which unfortunately will mean that tech oriented businesses will be on the frontline of this.  From a technical perspective there is no real weakness that these organisations have above and beyond the typical small business.

“ Looking to the future
you really hope that ISPs start playing a bigger role in mitigating these types of attacks.  We currently pay them for bandwidth, but in the future I would hope that they do more to guarantee that it is good bandwidth.”

FacebookTweetLinkedIn
Tags: DDoS
ShareTweet
Previous Post

Now Tumblr gets two-factor authentication, boosts security for users against account hijacks

Next Post

Microsoft issue emergency fix for RTF zero-day

Recent News

SnapDragon Monitoring scam advice

Tips to Protect Against Holiday and Airline Scams

May 25, 2023
Access Segmentation & Encryption Management from MyCena

New security model launched to eliminate 95% of cyber breaches

May 25, 2023
KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool

KnowBe4 Helps Organisations Battle QR Code Phishing Attacks With New Tool

May 25, 2023
Purple Logo, capitalised letters: SALT.

Salt Security Uncovers API Security Flaws in Expo Framework, Issues have been Remediated

May 24, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information