News & Comment: Amazon invited DDOS attack on Prime Day

Amazon invited DDOS attack on Prime Day

NEWS: Amazon had a dodgy hour during Prime Day when their website was unresponsive, and it looks like it potentially cost them around $75 million in lost sales. It was pretty much an Amazon-invited DDOS (distributed denial of service) attack. Those who are older will remember the days when the entire Internet used to run slowly in the UK in the late afternoon – just about the time that both the West and East coasts of America came online. Those days are gone as Internet capacity increased, but Amazon runs on their own private infrastructure (which they also rent out as Amazon Web Services) and it looks like, with the massive hype they created about Prime Day, they broke their own website. It’s not much different from a DDOS attack, which is where a hacker gains control of millions of computers and fires requests at a single website flooding it with traffic so

COMMENT:

Sean Newman, Director Product Management, Corero Network Security

“Although Amazon appears to have been a DDoS victim of its own making, this just goes to show how even an organization with such immense resources can still be vulnerable to denial of service attacks. And, when you look at the estimated potential financial impact of this, it’s not difficult to understand why organizations which rely on delivering online services cannot afford to be vulnerable to DDoS attacks. Plus, there are two sides to risking such obvious and significant financial impact: firstly, if you get attacked, there’s the direct impact but, secondly, you lay yourself open to DDoS for Ransom. With such significant, and easily calculable, revenue at risk for every minute of downtime, a potential DDoS attacker can readily size a ransom demand which is way less than the sum at risk but still presents a healthy return for the cyber-criminal, should an organization feel the need to pay up to keep the business online. Of course, the alternative is to deploy the latest generation of real-time, automatic DDoS protection and know you can safely ignore any such demands.”