More e-tailers suffer disruption after Aria DDoS sting
Overclockers becomes latest UK e-tailer to suffer website disruption this week
More e-tailers suffered disruption to their websites today - a day after CRN revealed that a Bitcoin-based DDoS attack was responsible for bringing down Aria Technology's website on Tuesday.
Novatech and Scan took to Twitter yesterday to inform their readers that their sites had faced disruption, and CRN understands that CCL also encountered website problems this week.
Now Overclockers has become the latest e-tailer to suffer disruption, with the gaming PC specialist's website going down for several hours today (as we went to press it was back up and running).
The firm tweeted today:
When approached, a representative from Overclockers said the company "does not wish to comment on an ongoing situation".
Fellow PC builder and e-tailer Novatech has again faced website disruption today, with its site also down at the time of publication. Novatech was unavailable for comment but confirmed on its Facebook page that a DDoS attack was to blame.
"Due to a DDos attack our website is currently unavailable, these attacks are only designed to make our website inaccessible, they are not attempting to breach our network, all our customer data is completely secure," the statement on Facebook read.
"For any orders you can contact our sales department on 02392 322 500 and choose option 1.
"Thank you for your patience."
Aria Taheri, Aria's eponymous boss, said yesterday he believed the website trouble suffered by his competitors earlier this week was caused by the same attackers behind the DDoS hit on his firm.
Taheri said his firm has received an email from hackers demanding the payment of 16.66 Bitcoins (£2,871.43) otherwise it would face further disruption. In response to this, he announced a bounty of £15,000 on any information regarding the hackers.
Igal Zeifman, senior digital strategist at database security vendor Imperva, praised Taheri's strategy, in a statement released today.
"By refusing to pay the ransom and instead posting a bounty, Aria is taking similar steps to other organisations which have fallen victim to DDoS extortionists," he said. "Striking back against these attackers is definitely the right thing to do. Despite the frightening threats, our experience has shown us that these attacks tend to be unimpressive and can be mitigated with ease using the proper solutions."
David Lannin, director of technology at security VAR Sapphire, said the kind of DDoS attack Aria suffered is increasing.
"They [DDoS attacks] are certainly on the rise and becoming more and more prevalent. We are increasingly being asked not just how to protect our customers from standard types of malware threats but also how do we ensure continuity to business as well? That's really where DDoS comes into play."
Lannin (pictured) said vendors' technology has also matured in this space and is becoming more aware of the different layers of traffic and not just the capacity question.
He added that online retailers are particularly exposed to these sorts of attacks, because of the complexity of their infrastructure and the nature of their websites.
"Electronic retailers tend to be the type of market that push the boundaries in terms of what you can do with online web services - they are fairly advanced compared with a lot of other sectors," he said. "For public or private sectors, with the exception of things such as transaction-based services for banking, most of their web content is fairly static, so you would be looking at attacking the underlying web applications or structure."
"Whereas if you are looking at online retailers, because their web applications are much more sophisticated, they are potentially prone to have faults within the applications. So I would say application testing is something these retailers need to set up and pay attention to."