Hiccup in Akamai’s DDoS Mitigation Service Triggers Massive String of Outages

Cyber Security News

An hour-long outage hit airlines, banks and the Hong Kong Stock exchange. It’s thought to have been caused by a DDoS mitigation service.

Major financial institutions, airlines and the Hong Kong stock exchange were knocked offline by a backfiring distributed denial-of-service (DDoS) mitigation service Thursday. The hour-long outage, which was triggered at approximately 1 a.m. EST Thursday, is tied to Akamai Technology’s anti-DDoS Prolexic service.

In a statement to Threatpost at 7:44 a.m. EST, Akamai confirm a segment of its Prolexic platform was impacted and is now back up and running. “We are continuing to validate services. We will share more details of what transpired, but our first priority is ensuring all customer impact is mitigated,” wrote Chris Nicholson, senior public relations manager, Akamai.
According to reports, airline systems used by Delta, American, Southwest and United suffered outages at around 1 a.m. EST. Also impacted were financial institutions including Discover and Navy Federal Credit Union, according to a report by National Public Radio.

Australian based ITNews reported that services believed to rely on Akamai’s Prolexic were knocked temporarily offline.

“Users reported widespread problems accessing a range of internet properties and online services from the likes of CBA, Westpac, ANZ, UBank, AMP Bank, Macquarie Bank, ME Bank and more,” according to ITNews reporter Ry Crozier.

Mid-day operations of Hong Kong’s stock exchange were also impacted by the technical problems.

Virgin Australia also published a statement to its customers attributing an outage it suffered to Akamai’s Prolexic service.

“Virgin Australia was one of many organizations to experience an outage with the Akamai content delivery system today and we are working with them to ensure that necessary measures are taken to prevent these outages from reoccurring,” the airline said in a statement.

Akamai is aware of the issue and actively working to restore services as soon as possible.

— Akamai Technologies (@Akamai) June 17, 2021

Advice by Akamai posted to social media advised, “If you face the downtime, kindly turn off/route off Prolexic solution.” Early, in a tweet posted at 6:24 a.m. EST on Thursday, Akamai stated; “Akamai is aware of the issue and actively working to restore services as soon as possible.”

According to Akamai’s description, Prolexic is a DDoS mitigation service that can fend off “terabit-scale attacks”.

Join Threatpost for “Tips and Tactics for Better Threat Hunting” — a LIVE event on Wed., June 30 at 2:00 PM ET in partnership with Palo Alto Networks. Learn from Palo Alto’s Unit 42 experts the best way to hunt down threats and how to use automation to help. Register HERE for free!