Popular encrypted email provider Protonmail was this morning hit by the latest in a long-running serious of malicious attacks on its infrastructure.
The privacy-focussed Geneva-based email provider, which has some 500,000 users, has faced numerous DDoS attacks since being founded.
As one of the only email providers which owns and manages all of its servers and network components such as routers and switches, it is in a unique position – particularly since the company is its own internet service provider.
Our network has been under sustained attack this morning. We are working with our upstream providers to mitigate the attack. Emails are delayed but will not be lost. Thank you for your patience.
— ProtonMail (@ProtonMail) June 27, 2018
In 2015 its servers were hit with a 50Gbps wall of “junk data” that threatened to torpedo the company.
After initially paying a ransom following an attack that took its main data centre offline, the company faced a further week-long assault from another adversary that targeted 15 different ISP nodes simultaneously, then attacked all the ISPs going into the datacentre using a wide range of sophisticated tactics.
No ransom nor responsibility claim was made.
The company, born from work done at CERN, has since partnered with DDoS protection specialists, Israel-headquartered Radware, and uses BGP redirection and GRE tunnels to defend itself. Today’s attack slowed email delivery and its VPN for several hours, but did not result in the loss of any emails, Protonmail said.
“Our network was hit by a DDoS attack that was unlike the more ‘generic’ DDoS attacks that we deal with on a daily basis. As a result, our upstream DDoS protection service (Radware) needed more time than usual to perform mitigation,” a ProtonMail spokesperson wrote in an email. ”
“Radware is making adjustments to their DDoS protection systems to better mitigate against this type of attack in the future. While we don’t yet have our own measurement of the attack size, we have traced the attack back to a group that claims to have ties to Russia, and the attack is said to have been 500 Gbps, which would be among the largest DDoS’s on record,” the spokesperson wrote.
Carl Herberger, Vice President for Security Solutions at Radware, earlier noted: “Corporations need to understand the severity of the Advanced Persistent DoS attacks, such as SMTP DoS, and review their security measures”.
“APDoS is akin to the way bomber aircraft would jam radar systems many years ago – the type of attack is so varied and frequent that it becomes near impossible to detect them all, and more importantly difficult to mitigate them without impacting your legitimate web traffic.”
DDoS Attacks Continue to Rise
The attack comes after a new report from Akamai revealed that there was a 16 percent increase in the number of DDoS attacks recorded since last year, with the largest DDoS attack of the year setting a new record at 1.35 Tbps by using a memcached reflector attack.
Akamai said in its State of the Internet report: “To understand the scale of such an attack, it helps to compare it to the intercontinental undersea cables in use today. The TAT-14 cable, one of many between the US and Europe, is capable of carrying 3.2 Tbps of traffic, while the Japan-Guam-Australia cable, currently under construction, will be capable of 36 Tbps. Neither of these hugely important cables would have been completely swamped by February’s attack, but an attack of that magnitude would have made a significant impact on intercontinental traffic, if targeted correctly.”
The company’s researchers also identified a four percent increase in reflection-based DDoS attacks since last year and a 38 percent increase in application-layer attacks such as SQL injection or cross-site scripting.