Remember when the New York Times and BBC websites went down in June this year? They were not the only major websites that suffered unexpected downtime on the same day. Many others including the Financial Times, The Guardian, and Le Monde went offline. So did the popular Reddit platform.
Many initially thought that there was a concerted attack against these multiple Western sites. The suspects ranged from state-sponsored hackers to hacktivists that supposedly sought to “punish” the mainstream media. The real story, however, is not as nefarious as many thought.
When Big Websites Crash
The reason for the June 2021 downtime of several major websites was determined to be a technical problem in their content delivery network (CDN) provider. The CDN provider admitted the mistake through a tweet: “We identified a service configuration that triggered disruptions across our POP’s globally and have disabled that configuration.”
What is a content delivery network? It is basically a geographically distributed network of servers deployed to ensure the efficient delivery of online content. Pages and content load faster when they are provided by a server that is geographically closer to the user requesting the page or content. With multiple servers located across different parts of the world, CDNs help ensure the fast and efficient delivery of content to users regardless of their location.
This reliance on content delivery networks, however, has a crucial downside. When the CDN provider goes down, everybody who relies on it also goes down. This is what happened with the crashing of major websites in June. The configuration problem on the CDN provider’s side was enough to stir a worrisome event that generated various speculations. The downtime was not that long, but imagine if the crash was caused by something else more serious, like a state-sponsored hack attack. Recovery would have taken way longer.
It is for this reason that organizations are advised to only use dependable content delivery networks and ascertain that the providers they are choosing have adequate content delivery or CD security. A good CDN should not only be able to optimize site performance, but it should also provide adequate protection for active and legacy applications, third-party apps, APIs, microservices, virtual machines, and more.
Several other major sites share the same CDN provider, and it is incumbent upon their provider to ascertain the reliability and security of their network. If a persistent cyberattack manages to pull the plug on Medium.com’s CDN, for example, numerous other websites will also go down including ResearchGate, Yelp, Shopify, the World Health Organization, Digg, ScienceDirect, Patreon, and Discord.
CDNs: Added Defense or an Additional Threat?
Many view content delivery networks as a solution to the possibility of getting attacked by cybercriminals. For example, with DDoS attacks, which have increased by 341 percent during the pandemic, CDNs are viewed as a protective setup as they have vast resources to absorb massive DDoS attacks. They also have the expertise to better deal with various other threats that are designed to
However, there is also the alternative view that sees CDNs as leverage to amplify attacks. A study by researchers from multiple universities explored this idea. “This paper uncovers a vulnerability which not only allows an attacker to penetrate CDN’s protection but to actually use a content delivery network to amplify the attack against a customer website,” reads the study’s abstract.
The study demonstrates how a CDN can be “recruited” to amplify an attack on multiple websites. It found vulnerabilities in two leading commercial CDNs, Akamai and Limelight, that help enable attacks. In particular, both of these content delivery networks allow attackers to send a request to an arbitrary edge server within the CDN platform, overriding the CDN’s server selection mechanism. This request can also penetrate CDN caching to reach the origin site and use an edge server to exhaust bandwidth by processing the request from the origin site.
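From the origin's side, the behaviour the study describes shows up as one edge server fetching the same cacheable resource far more often than its cache lifetime should allow. The following is an added example, not code from the study or from any CDN provider, that flags this pattern in origin access logs; the log format, the 5-minute TTL, the threshold and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed origin access-log lines: timestamp, edge-server IP, requested URL.
# Addresses come from the documentation ranges; the format is hypothetical.
SAMPLE_LOG = """\
2021-06-08T10:00:00 198.51.100.7 /static/video.mp4
2021-06-08T10:00:01 198.51.100.7 /static/video.mp4
2021-06-08T10:00:02 198.51.100.7 /static/video.mp4
2021-06-08T10:00:03 198.51.100.7 /static/video.mp4
2021-06-08T10:00:04 198.51.100.7 /static/video.mp4
2021-06-08T10:00:00 203.0.113.9 /static/video.mp4
2021-06-08T10:06:00 203.0.113.9 /static/video.mp4
2021-06-08T10:01:00 203.0.113.9 /index.html?ref=home
"""

def parse(line):
    """Split one log line into (timestamp, edge IP, path without query string)."""
    ts, edge, url = line.split()
    return datetime.fromisoformat(ts), edge, urlsplit(url).path

def find_cache_penetration(log_text, ttl=timedelta(minutes=5), max_fetches=2):
    """Return {(edge, path): peak} where peak is the largest number of origin
    fetches seen inside any single TTL-long window, if it exceeds max_fetches.
    A caching edge should need roughly one fetch per resource per TTL."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, edge, path = parse(line)
            seen[(edge, path)].append(ts)

    flagged = {}
    for key, stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans less than one TTL.
            while ts - stamps[start] >= ttl:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_fetches:
            flagged[key] = peak
    return flagged

if __name__ == "__main__":
    for (edge, path), peak in find_cache_penetration(SAMPLE_LOG).items():
        print(f"edge {edge} fetched {path} {peak} times within one TTL")
```

In practice the TTL and threshold would be set per resource from the cache headers the origin actually sends.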
These weaknesses may have already been addressed by more established content delivery networks at present. However, the same weaknesses or their variations/evolution may be present in newer CDNs that have yet to establish their expertise in handling more aggressive and sophisticated attacks.
There is no question that CDNs can be a form of defense for websites. However, the wrong choices can easily turn them into a burden. Using a poorly secured CDN, including those that take time to respond to newly discovered threats, is more of a threat than a veil of protection.
The Need for a Better CDN
The CDN market is growing rapidly. According to BCC Research, it is set to be worth $34.3 billion in 2024, more than triple its value of $11.5 billion in 2019 or a CAGR of 24.5 percent for the 2019-2024 period. More and more websites are relying on CDNs for their efficient content delivery and supposed protection from the usual attacks, especially DDoS.
This staggering growth only shows how important it is for content delivery network providers to secure their systems. At the same time, it shows how CDN users should be wary of the providers they are choosing. With numerous new CDNs sprouting, customers benefit from the broader range of options and lower price of services because of the growing competition. However, this also means a higher possibility of encountering unscrupulous and run-of-the-mill providers that can endanger a company’s website more than create advantages.
It is advisable to select a CDN provider that can guarantee a 99.999 percent uptime while ensuring low latency (50ms minimum) for the vast majority of its global network. Also, it is recommended to pick a content delivery network that can provide efficient issue resolution through a service-level agreement (SLA).
The unsightly and highly inconvenient scenario of big websites going down together is going to become a common occurrence because of the growing reliance on CDNs and the inability of CDN providers to implement improved security measures. Content delivery networks are now becoming the new targets for concerted cyberattacks, especially state-sponsored ones, because of the kind of impact that results from their downtime.
It is reassuring to know that CDN companies, at least the leading ones and those associated with established cybersecurity firms, are constantly updating their security and technologies not only to keep up with the growing demand for their services but also to anticipate cyberattacks that target them.