Managed DNS provider Dyn was hit by a series of massive DDoS attacks on Friday, October 21, which left several major sites inaccessible for hours, including Box, CNN, HBO Now, PayPal, Pinterest, Reddit, Spotify, Squarespace, Twitter, Weebly, Wired, Wix, Yelp, Zendesk and Zoho, among many others, Gizmodo reports.
In a statement on its website, Dyn explained that its Managed DNS infrastructure in the Eastern U.S. came under attack from 11:10 UTC to 13:20 UTC, and again from 15:50 UTC to 17:00 UTC. “We will continue to evaluate every situation with the goal of improving our systems and processes to deliver the utmost customer experience,” the company stated.
In a blog post, security expert Bruce Schneier suggested that someone has spent the past year or two probing the defenses of companies critical to the operation of the Internet. “These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down,” he wrote.
“It feels like a nation’s military cyber command trying to calibrate its weaponry in the case of cyberwar,” Schneier added. “It reminds me of the U.S.’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.”
“The outage on Dyn customers is yet another demonstration of how attacks on various critical points on the Internet can affect large numbers of users,” Shape Security CTO Shuman Ghosemajumder told eSecurity Planet by email. “In this case, the DNS system isn’t something that most users think about all the time or even understand, but it is a crucial part of how the internet works and how we access websites and other services.”
Carbon Black co-founder and chief security strategist Ben Johnson said by email that the Internet continues to rely on protocols and infrastructure designed before cyber security was an issue. “Sadly, what we are seeing is only the beginning in terms of large scale botnets and disproportionate damage done,” he said.
Investigative reporter Brian Krebs noted that the size of these DDoS attacks has recently increased significantly due to the broad availability of tools for compromising and leveraging Internet of Things (IoT) devices for use in DDoS attacks. “Last month, a hacker by the name of Anna_Senpai released the source code for Mirai, a crime machine that enslaves IoT devices for use in large DDoS attacks,” he wrote.
A Fastly study of IoT devices conducted earlier this month found that on average, an IoT device is infected withmalware and will launch an attack within just six minutes of being exposed to the Internet.
Over the span of a day, the study found, IoT devices are probed for vulnerabilities 800 times per hour. There’s an average of one login attempt every five minutes, 66 percent of which are successful.
“With the advent of the Internet of Things, the potential for a botmaster to expand his or her botnet’s size is now greater than ever before,” Digital Guardian director of advanced threat protection Will Gragido said by email. “Increased size and diversity aides in not only allowing the botmaster to remain in business but also ensures that they are able to carry out their desired outcome when those resources are called upon to do so.”
“Organizations need to consider mitigative solutions (services or point products) designed to provide protection against complex, volumetric DDoS attacks on a global basis in order to withstand such attacks,” Gragido added.
A recent eSecurity Planet article offered advice on improving IoT security.