Attackers targeted a major networking provider with a large web attack, disrupting access to high-profile websites for millions of users in the US and Europe.
NS1, a domain name server provider and networking giant, was repeatedly hit throughout Monday by unnamed attackers, but recovered towards the end of the working day.
“We had performance degradation in several markets with the US and Europe seeing the greatest impact,” said Jonathan Lewis, vice-president of product at NS1, in an emailed statement.
Lewis declined to say who was behind the attack, but described it as a “complex and evolving attack spanning a number of techniques.”
The New York-based networking company said it serves high-traffic websites, like Yelp and stick-figure strip cartoon site XKCD.
Imgur, a customer of NS1, acknowledged in a tweet that European users were impacted by the outage. OneLogin, a secure identity management company, also said its users were experiencing issues during the day.
Many users were unable to access their sites and services on Monday.
The attack started at about 10:45am in New York, according to the company’s status page. The company said the “evolved” attack, a distributed denial-of-service (DDoS) attack, affected almost every region around the globe — including Asia and the Americas.
By mid-afternoon, the company was able to stabilize its systems after several configuration changes to mitigate the attack, describing it as a “defensive posture.”
But the attack persisted throughout the day, with further disruption hitting networks and end users into late evening in Europe.
Lewis said that the attack was “one of the largest and most sophisticated we have ever observed,” with “many tens of millions of packets hammering our network every second, complex migration of traffic across the network, and a series of precise strategies for targeting our systems.”
NS1 did not give specific figures of how large the attack was.
However, we’ve noted in our previous coverage that industry sources are aware of attacks matching 600 Gbps which have been previously detected and privately reported. Attacks that big are rare, and are understood to be difficult to carry out, but aren’t impossible.
As far as we know, no group or malicious actor has publicly taken credit for the attack.