DDoS Attack Causes Waves of Internet Outages

ddos-dynHundreds of websites — including those of biggies such as Netflix, Twitter and Spotify — on Friday fell prey to massive DDoS attacks that cut off access to Internet users on the East Coast and elsewhere across the United States.

Three attacks were launched over a period of hours against Internet performance management company Dyn, which provides support to eight of the top 10 Internet service and retail companies and six of the top 10 entertainment companies listed in the Fortune 500.

The first attack against the Dyn Managed DNS infrastructure started at 11:10 a.m. UTC, or 7:10 a.m. EDT, the company said. Services were restored at about 9:00 a.m. Eastern time.

The second attack began around 11:52 a.m. EDT and was resolved by 2:52 p.m. The third attack, which started around 5:30 p.m., was resolved by about 6:17 p.m., according to Dyn’s incident report.

“This is a new spin on an old attack, as the bad guys are finding new and innovative ways to cause further discontent,” said Chase Cunningham, director of cyberoperations for A10 Networks.

“The bad guys are moving upstream for DDoS attacks on the DNS providers instead of just on sites or applications.”

Dyn “got the DNS stuff back up pretty quick. They were very effective,” he told TechNewsWorld.

The Severity of the Attacks

While the attacks were “pretty large,” they “didn’t bring anything down for very long,” Cunningham noted.

Still, without confirmation from Dyn or ISPs, “it’s only possible to speculate on the severity of this attack,” said Craig Young, a computer security researcher at Tripwire.

“It is, however, reasonable to assume that the attackers controlled a considerable bandwidth in order to take out a service known for its resiliency against this type of attack,” he told TechNewsWorld.

Getting the bandwidth to launch the attack has become easier with the proliferation of the Internet of Things. Cybercriminals and hackers increasingly have roped IoT devices into service as botnets to launch successive waves of very large DDoS attacks.

“Threat actors are leveraging insecure IoT devices to launch some of history’s largest DDoS attacks,” A10’s Cunningham noted.

Manufacturers should eliminate the use of default or easy passwords to access and manage smart or connected devices, he said, to “hinder many of the global botnets that are created and deployed for malicious use.”

Who’s Pulling the Strings?

A nation state or states might be preparing to take down the Internet, cybersecurity expert Bruce Schneier recently warned, and “if there’s a threat actor out there with this goal, DNS infrastructure would be a very natural target to expect,” Tripwire’s Young pointed out.

Another possibility is that the attacks could be a publicity stunt for a new threat actor launching a DDoS as a Service business, he suggested, in which case someone will claim responsibility for the attacks “in coming days or weeks.”

Nothing points to one particular group, although it appears that recently more attacks have been coming from South America than from Russia or the former Soviet bloc, A10’s Cunningham said.

At this point, considering the source “is total speculation,” he added.

The United States Department of Homeland Security reportedly is looking into the attacks.

The explanation may turn out to be simple. Perhaps Dyn’s DNS servers were too tempting a target for hackers and led to an attack of opportunity

admin

Related Posts

Panasonic Launches 7 New Air Purifiers in India, Starting Rs. 11,995

Comments Off on Panasonic Launches 7 New Air Purifiers in India, Starting Rs. 11,995

Phishing Websites Stealing Information From 26 Indian Banks, Claims FireEye

Comments Off on Phishing Websites Stealing Information From 26 Indian Banks, Claims FireEye

While visiting a restaurant for Indian food

Comments Off on While visiting a restaurant for Indian food

Leaked emails put spotlight on Snapchat sales tactics

Comments Off on Leaked emails put spotlight on Snapchat sales tactics

Verizon Ventures and R/GA partner to launch a digital media ‘venture studio’

Comments Off on Verizon Ventures and R/GA partner to launch a digital media ‘venture studio’

Microsoft sends invites for January 7th event in India, Surface Pro 4 expected

Comments Off on Microsoft sends invites for January 7th event in India, Surface Pro 4 expected

How to track Santa Claus on Christmas Eve from any device

Comments Off on How to track Santa Claus on Christmas Eve from any device

Gig economy stalwart TaskRabbit is contemplating a sale

Comments Off on Gig economy stalwart TaskRabbit is contemplating a sale

Book DJ

Comments Off on Book DJ

Google is fighting with Symantec over encrypting the internet

Comments Off on Google is fighting with Symantec over encrypting the internet

PS4 Pro Boost Mode Discovered in PS4 System Software Update 4.50; Promises Better Frame-Rates

Comments Off on PS4 Pro Boost Mode Discovered in PS4 System Software Update 4.50; Promises Better Frame-Rates

Facebook Now Lets You Sign Into Android Apps With Mobile Number

Comments Off on Facebook Now Lets You Sign Into Android Apps With Mobile Number

Create Account



Log In Your Account