Reddit, Gov.uk, Spotify, PayPal And More Go Down In Fastly CDN Outage

By   ISBuzz Team
Writer , Information Security Buzz | Jun 08, 2021 03:40 am PST

BACKGROUND:

The popular websites including Reddit, Spotify, Twitch, Stack Overflow, GitHub, gov.uk, Hulu, HBO Max, Quora, PayPal, Vimeo, Shopify, and news outlets CNN, the Guardian, the New York Times, BBC, Financial Times are currently facing an outage. A glitch at Fastly, a popular CDN provider, is thought to be the reason, according to a product manager at Financial Times. Fastly has confirmed it’s facing an outage on its status website.

Subscribe
Notify of
guest
4 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
David Warburton
David Warburton , Senior Threat Evangelist
June 9, 2021 1:55 pm

<p style=\"font-weight: 400;\">The modern internet is approaching its 40<sup>th</sup> birthday. Despite its age, it still proves to this day how well it was designed, with many layers of resilience and redundancy.  In fact, the web as a whole was intended to be decentralised. By not relying on any one central system, it meant that many different components could fail, and internet traffic could still find a way to get where it needed to go. </p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">What we’ve seen over the past decade, however, is the unintentional centralisation of many core services through large cloud solution providers, like infrastructure vendors and CDNs. We can think of these cloud solution providers as the supermarkets of the web. Many of us appreciate the ease of buying groceries from one large store rather than visiting a dozen different ones on the high street. Similarly, these cloud solution providers deliver many benefits, such as simpler application deployment, reduced management complexities and economies of scale. </p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">In a traditional internet app deployment model, an outage of a server or misconfigured application might take out a single website. As we saw today, similar problems with a cloud solution provider can end up taking out all of their customers, resulting in not one website being taken offline, but hundreds or thousands. The impact can potentially affect organisations\’ digital experiences, revenues and reputations.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">Cloud solution providers provide immeasurable benefits to their users, but we shouldn\’t forget the lessons of the past. The “re-centralization” of the internet through these cloud solutions is now causing the very problems the original design of the internet was intended to avoid through redundancy. It’s important we consider an approach that moves us away from single points of failure or we will likely see more issues like we did today.</p>

Last edited 2 years ago by David Warburton
Jake Moore
Jake Moore , Global Cyber Security Advisor
June 9, 2021 11:25 am

<p>With so many websites funneling through just a small number of content delivery networks, CDNs, it highlights the sheer scale of what they signify in terms of internet infrastructure and the pressure on them to withstand an outage or attack. The impact from the Fastly situation will hopefully make procedures and restoring functions more streamlined and positively more proactive.</p> <p> </p> <p>Information security professionals are well prepared to expect the unexpected but even the most simple of mistakes can have huge consequences. Simulations help relieve the pressure in a live situation but even with protocol lined up it would have been a long hour reconfiguring the mishap.</p> <p> </p> <p>Time is money and never so much as on the internet. The financial impact will have been catastrophic every single minute and exponentially creeping up so insurance claims are now a distinct possibility so it is likely to have gained attention from malicious actors wanting to capitalise on any potential vulnerabilities on offer going forward.</p> <p> </p> <p>CDNs are part of the internet’s critical infrastructure and if threat actors hadn’t already cottoned on to this as a direct attack vector to bring down the internet, they will now after monitoring yesterday misfortunate events.</p>

Last edited 2 years ago by Jake Moore
Mark Rodbert
Mark Rodbert , Founder and CEO
June 8, 2021 12:39 pm

<p>It is remarkable that within ten minutes, one outage can send the world into chaos. This demonstrates the extent to which the move to the cloud has changed the things that companies need to protect.</p> <p> </p> <p>Whether the people inside a company or a supplier have made a mistake, or malicious perpetrators outside the perimeter have created the problem, it\’s so important that we create firebreaks in the system so that if one company, or even just one well connected employee is compromised, the whole system isn\’t brought to its knees.</p>

Last edited 2 years ago by Mark Rodbert
Jake Moore
Jake Moore , Global Cyber Security Advisor
June 8, 2021 11:40 am

<p>Whether it be malicious or otherwise, this highlights the importance and significance of these vast hosting companies and what they represent. It would be difficult to point the finger at an attack at this early development stage, but it cannot be ruled out due to the impact a potential attack could have. These middle suppliers are an easy target should they ever be hit with the perfect attack. Multiple areas will be significantly impacted as a result of this, along with an inevitable financial hit.</p>

Last edited 2 years ago by Jake Moore

Recent Posts

4
0
Would love your thoughts, please comment.x
()
x