Internet outageFastly’s Global Internet Meltdown Could Be a Sign of Things to Come

By David S. Wall

Published 10 June 2021

For an hour on the morning of June, dozens of the world’s most-visited websites went offline. Together, these websites handle hundreds of millions of users. This case illustrates the fragility of an internet that’s being routed through fewer and fewer channels. When one of those major channels fails, in what is called a “single point of failure”, the results are dramatic, disruptive and incredibly costly. It’s urgent we address this significant vulnerability if we’re to avoid another global internet meltdown – but this time caused by criminals, not code.

For an hour on the morning of June 8, dozens of the world’s most-visited websites went offline. Among those affected were Amazon, Reddit, PayPal and Spotify, as well as the Guardian, the New York Times and the UK government website, gov.uk. Together, these websites handle hundreds of millions of users.

The issue was quickly traced to Fastly, a cloud computing company which offers a content delivery network to the affected websites. Designed to alleviate performance bottlenecks, a content delivery network is essentially a system of computers or servers that hold copies of data across various points of a network. When it fails, the websites it supports cannot retrieve their data and are forced offline.

The outage to Fastly’s content delivery network appears to have been caused by an internal software bug that was triggered by one of their customers. Yet even though it was resolved within an hour, it’s estimated to have cost Fastly’s global clientele hundreds of millions of dollars.

This case illustrates the fragility of an internet that’s being routed through fewer and fewer channels. When one of those major channels fails, in what is called a “single point of failure”, the results are dramatic, disruptive and incredibly costly.

This hasn’t been lost on cybercriminals, who know that one targeted hack can bring down or breach a number of organizations simultaneously. It’s urgent we address this significant vulnerability if we’re to avoid another global internet meltdown – but this time caused by criminals, not code.

Warning Signs
Given that it came hot on the heels of the ransomware attack on the Colonial oil pipeline in the US, experts initially speculated that Fastly’s outage could have been caused by a cyberattack.

It’s easy to see why. Drawing upon an analysis of over 4,000 ransomware attacks, my research has revealed a massive acceleration in major cyberattacks that target organizations, conducted by ransomware gangs looking to extort cash from businesses they manage to hack.

These attacks are taking advantage of vulnerabilities caused by remote working arrangements. But there’s also been a noticeable shift in attacks upon organizations like Fastly, which provide core services to other organizations and their own clientele.

This trend is unlikely to stop. Ransomware has become a sophisticated billion-dollar business, and attackers are supported by an increasingly professional ecosystem that’s incentivized by the high yield generated by such attacks. A 2020 Verizon report found 86% of hacks are financially motivated, while less than 10% are motivated by espionage.