Zoho pulled offline after phishing complaints, CEO says

[steven36]

Zoho .com was pulled offline on Monday after the company’s domain registrar received phishing complaints, the company’s chief executive said.

 

 

The web-based office suite company, which also provides customer relationship and invoicing services to small businesses, tweeted that the site was “blocked” earlier in the day by TierraNet, which administers its domain name.

 

In an email to TechCrunch, Zoho boss Sridhar Vembu said that TierraNet “took our domain down without any notice to us” after receiving complaints about phishing emails from Zoho-hosted email accounts.

In doing so, thousands of businesses that rely on Zoho for their operations couldn’t access their email, documents and files, and other business-critical software during the day. Zoho counts Columbia University, Netflix, Citrix, Air Canada and the Los Angeles Times as customers.

 

“They kept pointing us back to their legal, even when I tried to call their senior management,” said Vembu in the email.

 

Zoho.com was back up and running hours later, but at the time of writing, service to the site is spotty — likely due to the slow nature of domain name resolving. It may take hours or days for the site to be fully restored across the globe.

 

Quote

 

Yes a detailed explanation is coming, as we dig our way out of this. We are working to ensure that everyone is able to access https://t.co/o2TlVFrtjB and ensuring that this does not repeat ever again. We apologize.

— Sridhar Vembu (@svembu) September 24, 2018

 

 

Vembu said that TierraNet received three complaints about Zoho-hosted email users in the past two months, which resulted in the domain blocking. He also tweeted about the incident to try to inform users of the domain blockage.

 

“We resolved two of them by suspending the accounts, and one is under investigation,” he said.

 

“We host tens of millions of accounts, and this is sad that our entire domain gets taken down for three complaints,” he said. “We are actively working to move our domain registration to another provider.”

It’s not unusual for companies like Zoho, or rivals like Microsoft and Google, to be used by malicious actors to host phishing sites or send phishing emails to unsuspecting victims. But companies typically work to limit malicious use — even if it’s near impossible to stamp it out completely.

 

TierraNet has so far remained silent on the issue. Several tweets showed TierraNet customer support agents apparently confirming Vembu’s version of events.

 

Quote

 

pic.twitter.com/bXPF7P56vW

— Heather Jones (@HeatherJonesRS) September 24, 2018

 

 

We reached out to TierraNet for comment but didn’t hear back at the time of writing. If that changes, we’ll update.

 

Source

[steven36]

Update on Zoho Services Disruption

 

 

Quote

 

Dear Zoho Customer,

Let me first acknowledge the obvious. The last several hours have been a nightmare for some of you since you have not been able to access the Zoho services you trust and rely on, to run your business. The zoho.com domain was inaccessible for many customers. Rapid corrective action has been possible for many customers to restore service availability but has not worked for some others.

Before I offer explanations, let me offer you my genuine apology. I run Zoho and as a business owner and CEO can fully understand what it means to not be able to access the software and services that keep your businesses on track and serves your customers. For this, I am truly sorry. I have been at the helm of this situation since it broke many hours ago and will continue to be here until everything is fully resolved.

What happened?

Here’s what happened. Our domain name registrar blacklisted (shut down) our domain. (Registrars are independent organizations that manage the reservation of internet domain names. The registrar does not host any Zoho site, they simply register the zoho.com domain name.) The blacklist lasted about an hour before it was restored. This means any incoming services request to Zoho.com cannot get resolved into the proper IP address that can deliver the services (although the service is still up at the specific IP address). The shutdown impacted some, but not all, customers who tried to use any Zoho service. Unfortunately, domain names still remain a single point of failure in the system.

The shutdown was done by an automatic algorithm in response to phishing complaints against Zoho. (Phishing is a fraudulent attempt by a malicious third party to impersonate a legitimate email address for nefarious activity, like fake invoicing). Phishing has successfully targeted all major email services providers around the globe. Phishing is rampant and mail services providers like Zoho have devised multiple methods to combat it like blacklisting, flagging suspicious emails, scanning, smart filters, and other methods. According to Symantec, 76% of all organizations have reported falling victim to phishing attacks in 2017.

In this case, the registrar received 3 phishing complaints over the last two months (from recipients of third parties phishing messages impersonating Zoho mail), 2 of which were addressed immediately and 1 was under investigation. To put these numbers in context, just one security service company blocked 51 million phishing attempts in 2017.

Somehow this automated algorithm decided to shut down the Zoho domain based on these 3 cases—without prior warning of the shutdown, or investigation into the traffic supported by this domain. Let me also be clear that there was no cyber attack on Zoho.

What have we done so far?

The registrar restored our name service (DNS) within an hour, but new names (including more than 100 Zoho subdomains, like projects.zoho.com, that have been impacted) take anywhere from 24 to 48 hours to propagate to DNS servers around the globe and reach your business. This is an exceedingly frustrating wait for all of us. We have also migrated to a new registrar (Cloudflare) already.

Until then we have shared multiple workarounds on our @zoho handle on Twitter (and other Zoho social media sites). Many internet service providers are slow to update their domain name resolution servers (DNS servers) but Google and Cloudflare provide fast-updating DNS servers, and those already have the restored Zoho.com name servers cached in them. This is the essence of the workarounds. We have explained how to use them on various operating platforms like Windows, MacOS, Linux, Android, and iOS. These work for many impacted customers, but perhaps not for all. We will continue to explore and post others. In any event, DNS server updates will automatically happen across the globe, making services accessible.

What can you do?

• Watch our posts on the @zoho Twitter handle.

• If you still face issues, see if any of the workarounds posted under the Zoho handle work for your business

• Write to us at [email protected]. We will instantly monitor and respond to all requests to this line.

What are we doing long term?

You have my assurance that nothing like this will ever happen again. We will not let our fate be determined by automated algorithms of others. We will be a domain registrar ourselves.

I thank you for your support and I will be here until you do not need me anymore.

Sincerely,

Sridhar Vembu

CEO

 

Source

[DKT27]

Quite a famous software here, at least, well advertised one. Being online based is a big problem which is why I never looked into it properly, I guess, I was right in doing so. Still, looks quite good to be ignored though.