DDoS Attack Causes Waves of Internet Outages

ddos-dynHundreds of websites — including those of biggies such as Netflix, Twitter and Spotify — on Friday fell prey to massive DDoS attacks that cut off access to Internet users on the East Coast and elsewhere across the United States.

Three attacks were launched over a period of hours against Internet performance management company Dyn, which provides support to eight of the top 10 Internet service and retail companies and six of the top 10 entertainment companies listed in the Fortune 500.

The first attack against the Dyn Managed DNS infrastructure started at 11:10 a.m. UTC, or 7:10 a.m. EDT, the company said. Services were restored at about 9:00 a.m. Eastern time.

The second attack began around 11:52 a.m. EDT and was resolved by 2:52 p.m. The third attack, which started around 5:30 p.m., was resolved by about 6:17 p.m., according to Dyn’s incident report.

“This is a new spin on an old attack, as the bad guys are finding new and innovative ways to cause further discontent,” said Chase Cunningham, director of cyberoperations for A10 Networks.

“The bad guys are moving upstream for DDoS attacks on the DNS providers instead of just on sites or applications.”

Dyn “got the DNS stuff back up pretty quick. They were very effective,” he told TechNewsWorld.

The Severity of the Attacks

While the attacks were “pretty large,” they “didn’t bring anything down for very long,” Cunningham noted.

Still, without confirmation from Dyn or ISPs, “it’s only possible to speculate on the severity of this attack,” said Craig Young, a computer security researcher at Tripwire.

“It is, however, reasonable to assume that the attackers controlled a considerable bandwidth in order to take out a service known for its resiliency against this type of attack,” he told TechNewsWorld.

Getting the bandwidth to launch the attack has become easier with the proliferation of the Internet of Things. Cybercriminals and hackers increasingly have roped IoT devices into service as botnets to launch successive waves of very large DDoS attacks.

“Threat actors are leveraging insecure IoT devices to launch some of history’s largest DDoS attacks,” A10’s Cunningham noted.

Manufacturers should eliminate the use of default or easy passwords to access and manage smart or connected devices, he said, to “hinder many of the global botnets that are created and deployed for malicious use.”

Who’s Pulling the Strings?

A nation state or states might be preparing to take down the Internet, cybersecurity expert Bruce Schneier recently warned, and “if there’s a threat actor out there with this goal, DNS infrastructure would be a very natural target to expect,” Tripwire’s Young pointed out.

Another possibility is that the attacks could be a publicity stunt for a new threat actor launching a DDoS as a Service business, he suggested, in which case someone will claim responsibility for the attacks “in coming days or weeks.”

Nothing points to one particular group, although it appears that recently more attacks have been coming from South America than from Russia or the former Soviet bloc, A10’s Cunningham said.

At this point, considering the source “is total speculation,” he added.

The United States Department of Homeland Security reportedly is looking into the attacks.

The explanation may turn out to be simple. Perhaps Dyn’s DNS servers were too tempting a target for hackers and led to an attack of opportunity

admin

Related Posts

MTNL to offer free national roaming to its subscribers from January 1st

Comments Off on MTNL to offer free national roaming to its subscribers from January 1st

Budgeting Energy in the Workplace

Comments Off on Budgeting Energy in the Workplace

Why You Need to Optimize Your Mobile Web Design

Comments Off on Why You Need to Optimize Your Mobile Web Design

Online ticket marketplace Vivid Seats is looking to sell for $1.5 billion

Comments Off on Online ticket marketplace Vivid Seats is looking to sell for $1.5 billion

HGH Side Effects On Men From Injections & Pills

Comments Off on HGH Side Effects On Men From Injections & Pills

Sony Entertainment CEO Exiting to Become Snap Chairman

Comments Off on Sony Entertainment CEO Exiting to Become Snap Chairman

Software  Testing Administrations – Best Practices

Comments Off on Software  Testing Administrations – Best Practices

Pokemon Sun and Pokemon Moon Now Available in Japan, US, and Australia

Comments Off on Pokemon Sun and Pokemon Moon Now Available in Japan, US, and Australia

Lenovo ThinkPad Laptops With Intel ‘Kaby Lake’ Processors Unveiled Ahead of CES 2017

Comments Off on Lenovo ThinkPad Laptops With Intel ‘Kaby Lake’ Processors Unveiled Ahead of CES 2017

DIM benefits in women and men

Comments Off on DIM benefits in women and men

How GIS Is Used by Mobile Companies

Comments Off on How GIS Is Used by Mobile Companies

EaseUS Data Recovery Software: Experience the Complete Recovery Package

Comments Off on EaseUS Data Recovery Software: Experience the Complete Recovery Package

Create Account



Log In Your Account