Cyber Incident Victim: Sucuri

Date: Apr 2018

Location: United States of America

Summary

A website security firm experienced large-scale volumetric DDoS attacks targeting its global infrastructure, causing service disruptions in multiple regions including West Europe, South America, and parts of the Eastern United States. The attacks overwhelmed network ports, resulting in significant latency and packet loss. Mitigation efforts involved collaboration with Tier 1 providers but took longer than anticipated due to the attack's magnitude. Services were eventually restored after successful mitigation.

Description

On April 12, 2018, at approximately 11 pm PST, Sucuri, a California-based website security firm, experienced a series of large-scale volumetric distributed denial-of-service (DDoS) attacks targeting its network infrastructure. The attacks caused significant service disruptions across multiple geographic regions, with pronounced impacts in West Europe, South America, and parts of the Eastern United States. Network ports approached capacity thresholds under the sustained assault, resulting in very high latency and packet loss for affected customers. Sucuri’s status updates confirmed the global scope of the outage, which remained ongoing for an extended period as mitigation efforts commenced. The company characterized the attack as "massive" but did not disclose specific technical metrics such as peak traffic volume or attack vectors. Service degradation affected both Sucuri’s internal operations and customer websites protected by its security infrastructure, though the exact number of impacted clients was not quantified in available reports.

Sucuri activated its incident response protocols by collaborating with Tier 1 network providers and upstream partners to reroute traffic and implement mitigation measures. The company’s Network Operations Center (NOC) worked continuously to contain the attack but noted that the unprecedented scale prolonged resolution efforts beyond initial expectations. Real-time updates were disseminated through Sucuri’s official status page and Twitter account, where Chief Marketing Officer Tony Perez acknowledged the global impacts and the absence of an estimated time for full restoration. Despite the operational challenges posed by the attack’s magnitude, mitigation was ultimately successful, with services restored to normal functionality by the time external media reported on the incident. No attribution details, threat actor motives, or financial impact assessments were disclosed in post-incident communications. The event occurred amid a broader industry trend of escalating DDoS campaigns, including record-setting attacks exploiting Memcached vulnerabilities earlier that year, though no direct connection between those incidents and the Sucuri attack was established.
