Series of distributed denial of service (DDoS) was experienced by Tutanota mid of this month. The attack was able to completely halt its use entirely and affects over 2 million of its users. Unknown cyber attackers not only attack the company itself but also spread its malicious activity to the DNS provider of the company, ensuring it will be incapacitated for some time.
Tutanota is a private company that provides encrypted mailing service that was founded in 2011 in Germany. They cater to most users that require privacy when communicating through emails. With most email service providers like Yahoo and Google whose emails can be tapped on, especially when the news of emails is being scanned and skimmed, the birth of Tutanota and ProtonMail alike. This platform satisfies the need of people for secure email communication at the highest level. They cater most prominent business and organizations that need additional security on their email service, as well as private individuals like activists and journalists that need to secure their email contents, are only for the eyes of their intended recipients only.
With their advocacy, they built a company that became the medium for people that value most of their privacy. With its end-to-end encryption service, users have the assurance that their communication is tapped free. The company operates from the user’s donation and fees from its premium users. They also cater to an open-source platform wherein developers are free to contact them and help them to improve the app by giving feedback for their discovered vulnerability within the app or suggest another feature that can be integrated onto the app platform.
An official statement from Tutanota confirmed that the attack was merely a statement of an unknown adversary to tar on its advocacy to have a secured private communication.
No data has been leaked on this incident as their applied security on their system cannot be easily penetrated by an attacker. And these data cannot also be accessed even by Tutanota due to its high-security protocol. Thus, the damage that can only be done to Tutanota is to have it inoperable for a few hours. It was discovered that the adversary was able to overload its traffic bandwidth caused by DDoS.
They mitigated a plan to perform IP-block to the known IPs used by an adversary to overload their server. Unfortunately, the adversary was very persistent in which they diverted their attack to the DNS provider of Tutanota, causing more delay for it to be back online immediately. Since their service was locked onto their DNS provider, they had a hard time transferring their service to a different DNS provider.
Tutanota confirmed that they are doing their best for such an attack to be avoided in the future. They are always improving their mitigation plan to be more ahead of a possible attack. They also ensured their clients that their data is highly encrypted, and data leaked is not on their plate.
Due to the recent attack, Tutanota came up with a plan to replicate an offline version of the platform to ensure that users can have access to their stored mails anytime and possibly hosting a status page to let users know when the application is unavailable.