A DDoS attack targeted at one web site is bad enough. But what happens when that single attack poses the distinct possibility of doing even more damage than originally intended. The kind of collateral damage I'm talking about is very real when you take into account IT architectures reliant on shared services.
Shared services include anything that serves more than one application or set of users, for example: network infrastructure, network bandwidth, market data and other sources of information and domain name servers.
And while shared services can benefit an organization by bringing down IT costs, creating resource efficiencies and shrinking the IT footprint, in the case of a DDoS attack, there can be significant disadvantages. An attack on an organization with a healthy amount of shared services has the capability to cause unforeseen outages across a wide number of applications, users, and geographies.
In this post I'll present three cases in which a DDoS attack impacted a shared service, knocking out applications far beyond the attack target. In each of these cases, the companies were not using Akamai to protect the systems under attack.
Case #1
Attack: DDoS attack on Brazilian bank subsidiary
Result: US Bank knocked out due to shared infrastructure in its data center
In this first example, we documented a DDoS attack that was launched at a bank in Brazil. This was a relatively simple attack against the home page of the Brazilian site.
Because the Brazilian website shared network infrastructure in one of the bank's global data centers, the US banking web site was also brought down. The attackers had no intention of bringing down the US site. But because of the weak link in shared services - in this case the networking capacity in the data center - this major US bank was brought down by a group of teenagers in Brazil.