Researchers point to a fundamental security problem at Elon Musk’s X, which allowed a massive cyber attack to disrupt the social media platform Monday.
According to Bloomberg, this incident highlights how vulnerable websites remain to such attacks, despite the availability of sufficient protection measures.
On Monday, social media platform X experienced significant outages caused by a massive cyber attack potentially originating from Ukraine. Elon Musk described the attack as particularly powerful and well-coordinated, suggesting geopolitical implications.
Most user complaints were related to the mobile app, though website users also encountered problems. After a brief recovery period, a second outage occurred around 9:30 a.m., with reported issues climbing to 37,000. Later that day, complaints temporarily decreased before surging again to more than 34,000 around noon.
An unidentified party apparently targeted an origin server of X early this week. This server, which processes and responds to Internet requests, was directly accessible through the Internet, experts explained to Bloomberg.
Leaving such a system unprotected represents a significant security vulnerability. It enables attackers to identify the server’s location and execute targeted attacks. This resulted in X being flooded with fraudulent traffic, causing hours of disruption, according to researchers.
DDoS attacks remain a threat
DDoS (Distributed Denial of Service) attacks, once a major challenge for website owners, became more manageable over the past decade thanks to cybersecurity technologies that intercept and filter malicious traffic before it reaches protected websites.
However, the attack on X demonstrates that DDoS attacks remain a powerful weapon for hackers and pose a serious threat to organizations with security vulnerabilities. This comes at a time when cybercriminals are developing increasingly sophisticated techniques to disable popular sites. Such attacks are often chosen to make political statements or to extort website owners.
Cybersecurity experts have long warned that even well-protected websites remain vulnerable to these increasingly sophisticated techniques. Bloomberg News reported in 2023 a series of attacks by the hacktivist group Anonymous Sudan that disrupted services including OpenAI’s ChatGPT and Microsoft programs such as Outlook, Teams, and OneDrive.