Many websites, including those of heavyweights such as Netflix, Twitter and Spotify, on Friday fell prey to massive DDoS attacks that cut off access for Internet users on the East Coast and elsewhere across the United States.
Three attacks were launched over a period of hours against Internet performance management company Dyn, which provides support to eight of the top 10 Internet service and retail companies and six of the top 10 entertainment companies listed in the Fortune 500.
The first attack against the Dyn Managed DNS communications started at 11:10 a.m. UTC, or 7:15 a.m. EDT, the company said. Services were restored at about 9:00 a.m. Eastern time.
The second attack began around 11:52 a.m. EDT and was resolved by 2:56 p.m. The third attack, which started around 5:36 p.m., was resolved by about 6:17 p.m., according to Dyn’s incident report.
“This is an original spin on an old attack, as the bad guys are finding new and ground-breaking ways to cause further discontent,” said Chase Cunningham, director of cyberoperations. “The bad guys are moving upstream for DDoS attacks on the DNS suppliers instead of just on sites or applications.”
Dyn “got the DNS stuff back up attractive quick. They were very effectual,” he told TechNewsWorld.
The Severity of the Attacks
While the attacks were “pretty large,” they “didn’t carry anything down for very long,” Cunningham noted.
Still, without verification from Dyn or ISPs, “it’s only likely to wonder on the severity of this attack,” said Craig Young, a computer security researcher at Tripwire.
“It is, however, reasonable to suppose that the attackers controlled a considerable bandwidth in order to take out a service known for its resiliency against this type of attack,” he told TechNewsWorld.
Getting the bandwidth to launch such an attack has become easier with the proliferation of the Internet of Things. Cybercriminals and hackers increasingly have roped IoT devices into service as botnets to launch consecutive waves of very large DDoS attacks.
Manufacturers should eliminate the use of default or easy passwords to access and manage smart or connected devices, he said, to “hinder many of the global botnets that are created and deployed for hateful use.”
Who’s Pulling the Strings?
A nation state or states might be preparing to take down the Internet, cybersecurity specialist Bruce Schneier recently warned, and “if there’s a threat actor out there with this objective, DNS communications would be a very natural aim to expect,” Tripwire’s Young pointed out.
Another possibility is that the attacks could be a publicity stunt for a new threat actor launching a DDoS-as-a-Service business, he suggested, in which case someone will claim responsibility for the attacks “in coming days or weeks.”
Nothing points to one particular group, though it appears that lately more attacks have been coming from South America than from Russia or the former Soviet bloc, A10’s Cunningham said.
The explanation may turn out to be simple. Maybe Dyn’s DNS servers were too tempting a target for hackers and led to an attack of opportunity.