The French audio streaming platform Deezer was the victim of a cyberattack on Sunday October 22, frustrating its users. More precisely, it was a DDoS attack, as crippling as it was common.
Between 8:00 a.m. and 12:00 p.m. this Sunday, Deezer suffered some serious shocks, due to a very classic cyberattack: a DDoS attack, known as “distributed denial of service”. Hundreds of reports notably filed on the site Downdetector and on social networks pushed the platform to communicate and recognize, something rare, the cyber incident without delay. What happened and what did the service face?
Deezer shaken by a cyberattack on Sunday
“ We are facing a DDoS attack which is causing disruption (…), we apologize for the inconvenience caused », explained Deezer in a first X.com (formerly Twitter) post on Sunday morning, before writing in the afternoon that the service was operational, and that it was operating normally again. But then, what is a DDoS attack?
Commonly, a distributed denial of service attack is defined as consisting of sending a very large number of requests to a target, generally a website, which saturates it and prevents it from functioning normally. A DDoS attack can, for example, be used to make an e-commerce site unavailable for several hours, thus causing a large loss of money. It can also hit a company to force it to pay a ransom. But did you know that there are several examples of DDoS attacks?
- The Traffic Flood Attack : we send a large number of requests to a website, and it becomes unavailable to legitimate users.
- The SYN Flood attack : Here, hackers flood a server by sending it a large number of connection requests, forcing it to exhaust itself trying to establish connections.
- The resource exhaustion attack : The attacker forces a server to exhaust its resources (like memory or CPU) by generating a large workload, causing a slowdown or crash.
- The HTTP Flood attack : a cyberattack that overloads a web server by sending a large number of HTTP requests, causing a crash.
No digital giant escapes DDoS attacks, not even Google
A single DDoS attack can last from a few seconds to a few minutes. At Deezer, the peak seems to have been reached around 11 a.m. on Sunday, if we trust the site Downdetector. And no one escapes it. Google Cloud recently suffered such an onslaught, peaking at 398 million requests per second, equivalent to Wikipedia’s total traffic over a month. Enough to make detection teams dizzy! Fortunately, the Mountain View firm is conditioned to repel such attacks. But Deezer was not this Sunday.
To protect against this, it is recommended to use a firewall and intrusion detection systems that filter malicious traffic. Implementing a network monitoring system to quickly detect traffic anomalies is recommended, as is using third-party DDoS mitigation services to balance and filter unwanted traffic.
Deezer, for its part, wanted to reassure its users about a possible data leak, which is not the primary goal of a DDoS attack. “ No user data has been leaked and all user accounts are safe », Explained the French company. All’s well that ends well then.
2