Realtors’ Portal Taken Down by Cyberattack
Amid a wave of cyberattacks affecting major tech sites worldwide, the National Association of Realtors' consumer portal came under siege from culprits asking for ransom.
In recent weeks, a series of distributed denial of service (DDoS) cyberattacks—many involving extortion—have hit several major online hubs, knocking them out of service. This week, Move Inc., a network of real-estate brokerage sites, was added to the list. One of the sites they run? Realtor.com, NAR’s primary consumer portal.
As in the other attacks, Move received a ransom request, which it said in a news release it did not respond to. For more than a day, Move fought off the DDoS attacks with the help of Prolexic, an Akamai service that works to mitigate them.
“Although Move has defended itself from DDoS attacks in past, the scale of this week’s attack is large enough to impact the company’s network service providers and require the services of Prolexic,” the company stated. “At this time, Move has no evidence that this attack includes or has resulted in any compromise of data or other content on its websites.”
According to an analysis of the attack by Arbor Networks for Inman News, it started near 5 p.m. EDT on Tuesday, June 17, and continued into Thursday night. (A test of Realtor.com on Friday morning showed the site was online.) Arbor’s Dan Holden said the length of the attack showed malicious intent.
“To put together an attack like this for this long, someone has to care,” Holden told the news site. “The motivation is serious.”
Move says it is reworking its infrastructure to prevent similar attacks in the future.
The attack on Realtor.com is one in a long series of DDoS incidents in recent weeks. Beyond Feedly, Meetup, and Evernote, sites as diverse as Vimeo, Bitly, Moz, and Shutterstock have reported similar attacks, according to The New York Times.
Such attacks, in which the culprits overwhelm the targeted site with a flood of traffic, are increasing in severity as well as number, according to a Forbes report. A single attack in February topped 320 gigabits per second in data load, and another during the same month topped 400 gigabits per second.
“These are whoppers, people,” Forbes reporter Bruce Upbin wrote. “A single DDoS surge of 100 gigabits per second is enough to disrupt most corporate networks. Three hundred gigs could flatten one.”
As a result, security services are stepping up their game. Last week, for example, CloudFlare announced it would work with advocacy groups to launch a program intended to protect public-service organizations from DDoS attacks.