Comments by: Lotem Finkelstein, Head of Threat Intelligence at Check Point Software Technologies
While we don’t yet know the reason for the widespread outage at cloud service company Fastly, it’s important to understand why the impact is so extensive. Fastly is a CDN – a content delivery network. CDNs generate replicas of original websites for the website owners to allow load balancing.
Instead of everyone all over the world accessing one centralised server and causing an overload, what they do is actually spread the load between different replicas. For example, the original server could sit in San Francisco, but there are replicas in Paris, Manhattan, Tel Aviv and Hong Kong. Everyone is routed to the nearest server to their device, and when a CDN fails, it means that all the replicas are unavailable and no one is able to see the content from the original server. It seems like Amazon, Reddit, Twitch and all these big sites have been attacked in unison, but they were not attacked. There is no outage for these companies. The only outage was at Fastly, the CDN that serves them.
We don’t yet know the reason for that and there are many possible answers, but it reminds us of a similar incident from October 2016, where the Mirai botnet infected several high-profile targets with distributed denial-of-service (DDoS) attacks. Mirai was an IoT botnet that took control of cameras and other such devices, making them send requests to take down Dyn, the DNS company that served many brands, including Twitter, BBC, Visa and Reddit.