Update - From 3:51 PM ET to 3:56 PM ET, we detected another large-scale DDoS attack against the platform. Thanks to the currently deployed mitigations, the platform did not experience a full outage, but customers may have experienced elevated error rates from their applications.
Apr 15, 2024 - 16:22 EDT
Monitoring - Incident Summary
Throughout the past week, our platform has been subject to ongoing Distributed Denial of Service (DDoS) attacks, as evidenced by the previous StatusPage updates.
Thanks to our security measures and platform automation, the platform was able to recover from those attacks in under five minutes, so we immediately marked all of those previous incidents as “Resolved”. To be clear, even though we considered those incidents resolved, our investigation into their causes and how to mitigate them more effectively remains ongoing.
Since these attacks are still ongoing and varying in scale, it is possible there could be further disruptions to our platform. To centralize and to improve our communications on these incidents, we will leave this particular incident open and will update it with announcements of any further outages or implemented mitigations.
Incident Details - DDoS attack
Time Detected: 4/15/2024 8:45 AM ET
Duration: Around 2 minutes
Impact: Users may have experienced slow response times or elevated rates of 502 error responses during the attack.
Resolution: Our automated DDoS protection systems quickly identified and mitigated the attack, restoring normal service operations without significant impact.
Actions Taken
In response to these ongoing attacks, we have implemented changes to the scaling of our platform infrastructure and the way that malicious traffic is intercepted.
Since these measures are being deployed actively in response to ongoing attacks, we cannot specify exactly what they are, but hopefully once these attacks subside we can provide further clarity.
Next Steps
We will continue to monitor our systems closely and adjust our security measures as needed. We will keep our users updated on any relevant developments or preventive measures being implemented.
Once the attacks have subsided or have been sufficiently mitigated, our team will conduct a post-mortem analysis of these incidents in order to identify any potential improvements to our security posture or our incident response techniques and processes.
We will publish a summary of our post-mortem with the findings of our investigation once it is complete.
Acknowledgment
We appreciate your understanding and patience during this incident. The swift resolution of this DDoS attack underscores our commitment to providing a secure and reliable platform. If you have any concerns or questions, please do not hesitate to contact our support team at support@cloud.gov.
Thank you for your continued trust in cloud.gov.
Apr 15, 2024 - 11:45 EDT
Throughout this week, our platform has been subject to massive, coordinated Distributed Denial of Service (DDoS) attacks.
Today, on 4/12/2024, our platform experienced another DDoS attack that took our platform down for around 5 minutes.
Thanks to our security measures and platform automation, we were able to fully recover and mitigate the effects of the DDoS attack in under five minutes.
Unfortunately, while deploying additional mitigations for the underlying source of the DDoS attacks, there was an interruption to all traffic coming into our platform from a CDN, including traffic for cloud.gov Pages customers.
Incident Details - DDoS outage
Time Detected: 4/12/2024 1:54 PM ET
Duration: Around 5 minutes
Impact: Users may have experienced slow response times or temporary inability to access our services during the attack.
Resolution: Our automated DDoS protection systems quickly identified and mitigated the attack, restoring normal service operations without significant impact.
Incident Details - CDN-based traffic outage
Time Detected: 4/12/2024 2:25 PM ET
Duration: Around 5 minutes
Impact: All customers whose traffic passes through a CDN, including cloud.gov Pages customers or users of brokered CDN services, experienced a full outage of their services.
Resolution: We manually reverted the change which caused CDN-based traffic to be rejected and also reverted the change in the infrastructure source code, so that the change will not be deployed again.
Actions Taken
Our DDoS mitigation tools were activated to rate limit malicious traffic, allowing the platform to recover from the initial DDoS attack.
Our security team is conducting a thorough investigation into the attack to understand its origins and to prevent similar incidents in the future.
Next Steps
We will continue to monitor our systems closely and adjust our security measures as needed. An in-depth review of this incident is being conducted to identify any potential improvements to our security posture. We will keep our users updated on any relevant developments or preventive measures being implemented.
We will publish a post-mortem with the findings of our investigation in the coming days.
Acknowledgment
We appreciate your understanding and patience during this incident. The swift resolution of this DDoS attack underscores our commitment to providing a secure and reliable platform. If you have any concerns or questions, please do not hesitate to contact our support team.
Thank you for your continued trust in cloud.gov.
Apr 12, 15:12 EDT
Resolved - Incident Summary
On 4/11/2024, our platform experienced a Distributed Denial of Service (DDoS) attack that briefly impacted our services. We want to assure our users that the security and reliability of our platform are of utmost importance. Thanks to our robust security measures and platform automation, we were able to fully recover and mitigate the effects of the DDoS attack in under two minutes.
Incident Details
Time Detected: 4/11/2024 4:08 PM ET
Duration: Less than 2 minutes
Impact: Users may have experienced slow response times or temporary inability to access our services during the attack.
Resolution: Our automated DDoS protection systems quickly identified and mitigated the attack, restoring normal service operations without significant impact.
Actions Taken
Immediate mitigation: Our DDoS mitigation tools were activated to rate limit malicious traffic, allowing the platform to recover.
Investigation: Our security team is conducting a thorough investigation into the attack to understand its origins and to prevent similar incidents in the future.
Next Steps
We will continue to monitor our systems closely and adjust our security measures as needed. An in-depth review of this incident is being conducted to identify any potential improvements to our security posture. We will keep our users updated on any relevant developments or preventive measures being implemented.
We will publish a post-mortem with the findings of our investigation in the coming days.
Acknowledgment
We appreciate your understanding and patience during this incident. The swift resolution of this DDoS attack underscores our commitment to providing a secure and reliable platform. If you have any concerns or questions, please do not hesitate to contact our support team.
Thank you for your continued trust in cloud.gov.
Apr 11, 18:13 EDT
On 4/7/2024 and 4/8/2024, our platform experienced a Distributed Denial of Service (DDoS) attack that briefly impacted our services. We want to assure our users that the security and reliability of our platform are of utmost importance. Thanks to our robust security measures and platform automation, we were able to fully recover and mitigate the effects of the DDoS attack in under two minutes.
Incident Details:
Time Detected: 4/7/2024 6:30 PM & 4/8/2024 7:45/8:10 PM ET
Duration: Each of the 3 events lasted less than 2 minutes
Impact: Users may have experienced slow response times when accessing our services during the attack.
Resolution: Our automated DDoS protection systems quickly identified and mitigated the attack, restoring normal service operations without significant impact.
Actions Taken:
Immediate Mitigation: Our DDoS mitigation tools were activated to filter out malicious traffic, allowing legitimate user traffic to continue unaffected.
Investigation: Our security team is conducting a thorough investigation into the attack to understand its origins and to prevent similar incidents in the future.
Next Steps:
We will continue to monitor our systems closely and adjust our security measures as needed. An in-depth review of this incident is being conducted to identify any potential improvements to our security posture. We will keep our users updated on any relevant developments or preventive measures being implemented.
Acknowledgment:
We appreciate your understanding and patience during this incident. The swift resolution of this DDoS attack underscores our commitment to providing a secure and reliable platform. If you have any concerns or questions, please do not hesitate to contact our support team.
On 4/8/2024, our platform experienced a Distributed Denial of Service (DDoS) attack that briefly impacted our services. We want to assure our users that the security and reliability of our platform are of utmost importance. Thanks to our robust security measures and platform automation, we were able to fully recover and mitigate the effects of the DDoS attack in under two minutes.
Incident Details:
Time Detected: 4/8/2024 10:15 AM ET
Duration: Less than 2 minutes
Impact: Users may have experienced slow response times or temporary inability to access our services during the attack.
Resolution: Our automated DDoS protection systems quickly identified and mitigated the attack, restoring normal service operations without significant impact.
Actions Taken:
Immediate Mitigation: Our DDoS mitigation tools were activated to filter out malicious traffic, allowing legitimate user traffic to continue unaffected.
Investigation: Our security team is conducting a thorough investigation into the attack to understand its origins and to prevent similar incidents in the future.
Next Steps:
We will continue to monitor our systems closely and adjust our security measures as needed. An in-depth review of this incident is being conducted to identify any potential improvements to our security posture. We will keep our users updated on any relevant developments or preventive measures being implemented.
Acknowledgment:
We appreciate your understanding and patience during this incident. The swift resolution of this DDoS attack underscores our commitment to providing a secure and reliable platform. If you have any concerns or questions, please do not hesitate to contact our support team.