"We are seeing continued DDoS attacks against our infrastructure and are working with our network provider on mitigation strategies. Our team are working hard to provide stability."
As a paying customer, this is starting to get irritating. Dumping them for another email provider doesn't seem like the right solution though, as this could happen to any provider. On the other hand, these are the situations that I am paying them for, to take care of for me, so that I don't have to administer my own email server.
Which is probably one of the counter-arguments driving the global consolidation toward services owned by megacorps. This, in turn, contributes to the smaller/independent alternatives to become more prone to this sort of situations. And the cycle begins again.
Oh yeah, our support team is worth their weight in gold. They're all real people who know an awful lot of arcana about the nuts and bolts of email, and much more friendly and helpful than if I needed to talk to our customers on a regular basis!
And in times like today, it's so nice to be able to say "hey, $person_working_now, could you deal with fastmailstatus.com and Twitter please?" and the engineering staff don't even have to think about it!
To be fair, you could trace these transactions, and any from the address that receives them. It seems much better to use Monero or something if you intend to be nefarious. This is probably just ill thought out.
I don't understand how this works from the ransom email given. Anyone could send that email. It is because it is the first email? Otherwise why doesn't absolutely everyone send their own bitcoin address to any entity that seems to be having some sort of problem?
It's becoming a pattern in the last few weeks. Fastmail manages my business email which is causing quite the annoyance.
According to the article, this is targeting multiple "privacy and security-centric email services". What are the odds this is a coordinated attempt to drive folks to less secure, or bigger corporate services?
I can't think of any reason any intelligence agency in the world would want others using small, "privacy and security centric" (whatever that means? If your email is at any point unencrypted, it's not secure nor private) providers.
Cloud email providers were a dream come true to the world's intelligence agencies and law enforcement.
I could be wrong/naive but aren't most DDOS attackers using a bunch of cheap VMs on the cloud to create a distributed network to attack ? Can these providers not do a better job of identifying the culprits and shutting them down ? I doubt it is easy to create Distributed-DOS if access to cheap VMs are restricted.
IoT devices get infected because they usually use common software stacks that go un patched. There's crawlers always doing their thing and looking to pop these.
By the way, is the “yet” what is regarded as “editorialized”? There’s hardly any “original title”, apart from frequently changing status updates in the body.
I believe it was the “yet again”, which implies that it is down frequently.
Personally this is the first time I see it down, even though I heard that I had another incident recently.
I'm actually seeing the service coming back online for me now. Not ideal because I am actually doing some fairly urgent stuff over email this afternoon, but I am satisfied with the response from Fastmail. They acknowledge the issue quickly, and provided some specifics shortly after that. The total amount of time the service was unavailable for me was under 2 hours.
WFM, at least right now. Sending an email from gmail to fastmail took a bit longer (~25 seconds) than usual, but it got there. The web interface is fast.
Fastmail is great at reacting and transparently informing users. This is something I'd love to see "normalized" so users could efficiently assess service providers reliability.
DDoS attacks are oftentimes a cover for other cyberattacks. While IT teams are dealing with the DDoS attack, the main hack is going on silently in the background hidden by the "noise".
Oftentimes as in the definition of frequently or in many instances. There are no stats of it being anywhere near a majority though. It is a classic subterfuge trick.
Among the reasons cybercriminals love DDoS:
2)
It gives them a convenient smokescreen.
Cybercriminals like to create confusion - and they sometimes turn to DDoS attacks to distract and misdirect resource-deprived organizations from their primary goal: to pillage sensitive data. DDoS attacks are optimal subterfuge because they create noise and chaos that will attract the brunt of attention from your IT staff, leaving wide open the opportunity for your foes to simultaneously infiltrate your network and mask data exfiltration.
3)
It can be the digital pretext to a physical attack.
Sometimes a DDoS attack is merely a means to an end. Earlier this week our SpiderLabs team revealed a web-based vulnerability in a popular brand of printers that could result in denial-of-service attacks. Our researchers theorized that attackers could launch the printer attack and show up at the target organization pretending to be the "technician" called to fix the problem. This impersonation could net them direct physical access to IT resources that they might never have been able to access remotely.
72 comments
[ 3.4 ms ] story [ 132 ms ] threadhttps://www.fastmailstatus.com
https://protonmail.com/support/knowledge-base/email-ddos-pro...
It's not bottom of the barrel outsourced "customer service" designed to point people to FAQ articles. It's professionals who work as professionals.
I'm sticking with Fastmail for now.
And in times like today, it's so nice to be able to say "hey, $person_working_now, could you deal with fastmailstatus.com and Twitter please?" and the engineering staff don't even have to think about it!
People want money. Motivation is as old as time.
> As a user this is extremely inconvenient.
Lol well yes that’s the aim!
Edit: Spoke too soon. Getting errors now.
"Victims were targeted with a DDoS attack, and an email was later sent to the organizations, asking for a 0.06 BTC (~$4,000) ransom demand."
Four thousand dollars. I guess they were trying to shoot low in hopes of a quick payment?
Also, Runbox posted a copy of the ransom email: https://blog.runbox.com/2021/10/runbox-is-under-attack-by-ex...
Warm them up to the idea of capitulation?
"Give me $50 or I break the windows in this place!"
Next week:
"Give me $75 or I break the windows in this place!"
edit: not a crypto fan personally.
Bitcoin makes it easier.
(nothing personal, plenty of people use it but it is so illogical that it wild be unethical not to protest)
https://capitalgram.com/posts/how-to-money-launder-bitcoin/
For example, the REVil author is known
https://threatpost.com/revil-ransomware-core-member/175863/
It is all about geopolitics, privateering and for Russia and China to see incompetent Western companies to suffer.
So it's sent prior to the attack.
According to the article, this is targeting multiple "privacy and security-centric email services". What are the odds this is a coordinated attempt to drive folks to less secure, or bigger corporate services?
Cloud email providers were a dream come true to the world's intelligence agencies and law enforcement.
Can't really blame them, though, not much you can do with cannons pointed at you. I'm sure they'll be back up soon.
https://protonmail.com/support/knowledge-base/email-ddos-pro...
https://news.ycombinator.com/item?id=29058685
A week ago, there was a post titled “Fastmail is having problems again”, so today, “yet again” seemed adequate:
https://news.ycombinator.com/item?id=28963609
And, as a customer, I’ll stand by their efforts not to capitulate.
Fastmail, Runbox, and Posteo under DDoS extortion attack - https://news.ycombinator.com/item?id=28968046 - Oct 2021 (123 comments)
Fastmail is having problems again - https://news.ycombinator.com/item?id=28963609 - Oct 2021 (132 comments)
We're seeing an ongoing attack against our primary network provider - https://news.ycombinator.com/item?id=28952954 - Oct 2021 (87 comments)
Among the reasons cybercriminals love DDoS:
2) It gives them a convenient smokescreen. Cybercriminals like to create confusion - and they sometimes turn to DDoS attacks to distract and misdirect resource-deprived organizations from their primary goal: to pillage sensitive data. DDoS attacks are optimal subterfuge because they create noise and chaos that will attract the brunt of attention from your IT staff, leaving wide open the opportunity for your foes to simultaneously infiltrate your network and mask data exfiltration.
3) It can be the digital pretext to a physical attack. Sometimes a DDoS attack is merely a means to an end. Earlier this week our SpiderLabs team revealed a web-based vulnerability in a popular brand of printers that could result in denial-of-service attacks. Our researchers theorized that attackers could launch the printer attack and show up at the target organization pretending to be the "technician" called to fix the problem. This impersonation could net them direct physical access to IT resources that they might never have been able to access remotely.