Cloud Mail Incident - 09-06-2017
Incident Report for SYNAQ

Summary and Impact to Customers

From Friday 9th June to Monday 12th June 2017, SYNAQ Cloud Mail experienced a DDoS attack which affected all Client on the Cloud Mail platform.

The resultant impact of the event was the inability of Clients to authenticate via the Webmail User Interface and POP3.

Root cause and Solution

The root cause of this event was due a DDoS attack, whereby an overwhelming amount of concurrent international servers attempted to brute force a very large number of users on our Cloud Mail environment. As a result, the Cloud Mail authentication management system became degraded and could no longer accept any authentication and mail processing requests.

In order to resolve this incident, SYNAQ Engineers initially blocked a large number of offending IP’s on an individual basis throughout Friday and continued to block newly identified offending IP’s throughout the weekend. However, on Monday morning, the attacks became more widespread and aggressive and as such, SYNAQ Engineers identified the primary geographic locations from where the DDoS originated and applied a Geographic IP block on those countries, thus preventing any offending IP traffic from entering the environment.

Remediation Actions

A new authentication proxy layer is being engineered and implemented in order to dynamically detect and prevent brute force DDoS attacks in the future.

Posted 5 months ago. Jun 22, 2017 - 16:25 CAT

Resolved
SYNAQ Engineers have now resolved the Cloudmail issue.
Posted 5 months ago. Jun 09, 2017 - 16:24 CAT
Monitoring
SYNAQ Engineers have identified the root cause of the issue and remedial action has taken place.
We expect full resolution shortly.
Posted 6 months ago. Jun 09, 2017 - 12:48 CAT
Update
SYNAQ Q portal is experiencing degraded performance and users will have issues utilising this tool.
Posted 6 months ago. Jun 09, 2017 - 10:07 CAT
Investigating
Cloud Mail is currently experiencing an authentication issue. The resultant effect is Slow log-in functionality and authentication pop-up requests.
Our engineers are investigating this as a matter of urgency.
Posted 6 months ago. Jun 09, 2017 - 09:36 CAT
This incident affected: SYNAQ Cloud Mail and SYNAQ Q Portal.