The labour day weekend in the US signifies the honouring of the American labour movement and is celebrated annually as a public holiday on the first Monday of September. However, it appears the holiday is not observed among hackers as evidenced by the massive DDoS attack mounted on Linode, one of the top global providers of virtual private servers (VPS) between 3 September and 5 September.
Just hours after the DDoS attack was launched, Linode engineers, who were scrambling to fix the issue, began notifying their clients of the firm "experiencing a catastrophic DDoS attack which is being spread across hundreds of different IP addresses in rapid succession, making mitigation extremely difficult".
Throughout the next day, Linode servers were bombarded with attacks, with engineers periodically reporting about the Atlanta server "stabilising" only to later report that the attacks had "returned and are significantly impacting connectivity".
The constant barrage of attacks severely affected the firm's efforts to mitigate the impact of the cyberattack. While Linode engineers were combating the attacks, the firm's servers remained down, affecting its clients. Clojars, which is an archive of open source Clojure libraries, was one such client temporarily affected by the attack on Linode.
Reports speculate that hackers may have timed to coincide the attacks with the labour day weekend, in efforts to take advantage of the limited number of staff on hand to respond to such a large-scale attack. It is also likely that the cybercriminals may have mounted such an attack to compromise the firm's networks or launch a secondary attack, which may have been all the more difficult to mitigate with limited personnel.
As of 6 September, the firm has had no security incidents to report. This is not the first time that Linode has suffered such a massive DDoS attack. In December 2015, the firm fended off a similar attack which lasted around two weeks and ended in customers reporting unauthorised access to their accounts.
It is still unclear if any sensitive data was accessed by hackers in the latest attempt at intrusion. Linode has since initiated password resets for its customers.