Cyber Incident Victim: Business Wire
Date: Jan 2018
Location: United States of America
Summary
Business Wire, a press release distribution service owned by Berkshire Hathaway, experienced a sustained distributed denial-of-service (DDoS) attack targeting its service portal, causing intermittent slowness for clients accessing its website. The attack involved overwhelming traffic from multiple sources but did not disrupt content dissemination capabilities or compromise internal systems or client information. The company's operational teams collaborated with external partners to mitigate the attack and stabilize services, emphasizing that core functionality remained intact despite the disruption. This incident highlighted broader cybersecurity challenges faced by organizations, as DDoS attacks increasingly leverage high-volume bandwidth to create prolonged service interruptions while potentially diverting attention from other threats.
Description
On January 31, 2018, Business Wire, a press release distribution service owned by Berkshire Hathaway, experienced a distributed denial-of-service (DDoS) attack targeting its online service portal. The attack continued for at least one week, as confirmed in a February 7 internal memo from Chief Operating Officer Richard DeLeo. Attackers attempted to overwhelm BusinessWire.com with malicious traffic from multiple sources, aiming to render the website unavailable. Clients reported intermittent slowness when accessing the portal during this period, though the company emphasized its core content dissemination services remained fully operational throughout the incident. Business Wire confirmed no evidence of data compromise or unauthorized access to client information systems, indicating the attack solely targeted availability rather than confidentiality or integrity.

Business Wire's security team collaborated with external partners to implement mitigation measures against the sustained attack, working to stabilize its web infrastructure. The company maintained transparency with clients through direct communications while continuing normal press release distribution operations. Industry context provided by security vendors indicated that organizations averaged 15 such attacks annually, typically causing 17 hours of downtime ranging from performance degradation to complete service outages. DDoS attacks of that period frequently reached bandwidth peaks of 30-40 Gbps, with some exceeding these volumes. Cybersecurity experts at the time noted the growing challenge of IoT device exploitation in amplifying attacks, while also cautioning that visible DDoS incidents could distract security teams from concurrent stealthier intrusions. Business Wire's public communications focused exclusively on service impact and remediation efforts without attributing motives or identifying perpetrators.
