Just when everything was getting back to normal, Dyn was hit with a second major cyberattack, knocking off dozens of high-profile websites from the web.
Dyn’s managed domain name service was hit by a massive flood of web traffic earlier this morning that left much of the US eastern seaboard unable to access Twitter, Reddit, and Spotify — just to name a few.
As of the time of writing, the company was investigating and mitigating “several” distributed denial-of-service (DDoS) attacks against its infrastructure.
For now, exactly what’s happening remains a mystery.
Some have pointed the finger of blame at state-sponsored actors. Sister-site CBS News confirmed that Homeland Security was aware of the attack and is “investigating all potential causes.” Others are pointing to a resurgence of botnet activity, which has been surging in recent weeks thanks to the Mirai malware infecting millions of smart home and internet-connected devices.
It could be days, if not weeks, before we know more about what happened.
The elephant in the room is that this probably shouldn’t have happened. At the very least, there’s a lot to learn already about the frailty of the internet’s DNS system, and the lack of failsafes and backups for websites and tech companies that rely on outsourced DNS service providers.
“It’s also a reminder of one risk of relying on multi-tenant service providers, be they DNS, or a variety of many other managed cloud service providers,” said Steve Grobman, chief technology officer at Intel Security.
Grobman warned that because this attack worked, it can be exploited again.
“Given how much of our connected world must increasingly rely upon such cloud service providers, we should expect more such disruptions,” he said. “We must place a premium on service providers that can present backup, failover, and enhanced security capabilities allowing them to sustain and deflect such attacks.”
And that’s key, because even though Dyn is under attack, it’s the sites and services that rely on its infrastructure that should rethink their own “in case of emergency” failsafes. It may only be the east coast that is affected, but lost traffic means lost revenue.
Carl Levine, senior technical evangelist for NS1, another major managed DNS provider, said that the size and scale of recent attacks “has far exceeded what the industry thought was the upper end of the spectrum.”
That’s taken some by surprise. In the past year, some of the largest reported flooding attacks were in the 600 Gbps range, according to sources speaking last year. Now they’re looking at over 1.1 Tbps in size — and larger in some cases.
It may be why Dyn hasn’t fended off the attackers as quickly as it could.
“Large companies need to constantly upgrade their flood defenses. Some approaches that worked just a few years ago are now basically useless,” said Kevin Curran, senior member with IEEE.
“Newer DDoS attacks change their profile much quicker so it becomes more and more difficult to simply identify which packet requests are nefarious,” he said.
As these flood attacks get more advanced, the buck stops with the websites and services that appear to be offline — even if they’re open for business to the rest of the world.
Levine and Grobman both recommend redundant DNS services in the event of an infrastructure attack. If one provider’s infrastructure fails, you switch over to the other; in practice, that is easier to arrange with outsourced DNS providers and networking infrastructure than with systems you run yourself.
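One concrete check behind that recommendation, written here as an added example rather than anything from the article or the companies it quotes: a small Python audit that parses a zone’s NS delegation (in the format `dig NS <zone>` prints) and flags the zone when every authoritative nameserver sits under a single provider. The sample records, the `*.example` provider names and the rule that groups nameservers by their last two labels are constructed assumptions for illustration.

```python
"""Audit a zone's NS delegation for single-provider dependence.

Added example, not from the article. The NS lines below are constructed
sample input in the layout `dig NS <zone>` prints; the provider-grouping
rule (last two labels of each nameserver host) is a simplifying assumption.
"""
from collections import defaultdict

# Constructed: every nameserver is hosted by one managed DNS provider.
SAMPLE_SINGLE_PROVIDER = """
example.com.  172800  IN  NS  ns1.dns-provider-a.example.
example.com.  172800  IN  NS  ns2.dns-provider-a.example.
example.com.  172800  IN  NS  ns3.dns-provider-a.example.
example.com.  172800  IN  NS  ns4.dns-provider-a.example.
"""

# Constructed: the delegation is split across two independent providers.
SAMPLE_REDUNDANT = """
example.com.  172800  IN  NS  ns1.dns-provider-a.example.
example.com.  172800  IN  NS  ns2.dns-provider-a.example.
example.com.  172800  IN  NS  dns1.dns-provider-b.example.
example.com.  172800  IN  NS  dns2.dns-provider-b.example.
"""


def parse_ns_records(text):
    """Return the nameserver hostnames from dig-style answer lines.

    Lines that are not `<owner> <ttl> IN NS <target>` are ignored, so the
    function tolerates comments and blank lines in pasted dig output.
    """
    hosts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[2] == "IN" and parts[3] == "NS":
            hosts.append(parts[4].rstrip(".").lower())
    return hosts


def provider_of(host):
    """Approximate the operator of a nameserver by its registrable domain.

    Assumption: the last two labels identify the provider. This is naive
    for multi-label public suffixes (e.g. a host under a co.uk domain),
    where it lumps unrelated operators together; a public-suffix list
    would be needed for exact results.
    """
    labels = host.split(".")
    return ".".join(labels[-2:])


def provider_groups(hosts):
    """Group nameserver hostnames by their (approximate) provider."""
    groups = defaultdict(list)
    for host in hosts:
        groups[provider_of(host)].append(host)
    return dict(groups)


def audit_delegation(text, min_providers=2):
    """Summarise the delegation and flag a single-provider dependency.

    A zone whose nameservers all belong to fewer than `min_providers`
    operators goes dark along with that operator, which is the failure
    mode the article describes.
    """
    hosts = parse_ns_records(text)
    groups = provider_groups(hosts)
    return {
        "nameservers": len(hosts),
        "providers": sorted(groups),
        "single_point_of_failure": len(groups) < min_providers,
    }


if __name__ == "__main__":
    for label, sample in (("single provider", SAMPLE_SINGLE_PROVIDER),
                          ("redundant", SAMPLE_REDUNDANT)):
        report = audit_delegation(sample)
        status = "AT RISK" if report["single_point_of_failure"] else "ok"
        print(f"{label}: {report['nameservers']} NS across "
              f"{len(report['providers'])} provider(s) -> {status}")
```

To run this against a real zone, paste the output of `dig NS <zone>` into `audit_delegation`; the result only tells you how many distinct operators the delegation names, not whether the secondary provider is actually kept in sync, so the zone transfer or API synchronisation between providers still needs its own monitoring.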
And there’s your lesson: be nimble in the face of an attack.