A massive, ongoing DDoS attack is affecting Twitter, Spotify, Box, SoundCloud, Reddit and other top websites.
The DDoS attack targeted New Hampshire-based company Dyn and its managed DNS infrastructure, and began early Friday morning. The company originally said that it restored operations around 9:30 a.m. Eastern Time, but a second attack followed that knocked Twitter and others offline again for some users, especially those on the East Coast of the US. The attack is ongoing and is causing outages and slowness for many of Dyn’s customers.
The White House press secretary said that the US Department of Homeland Security is investigating, but so far no one knows who might be behind the attacks.
“This is a reminder of how effective an attack on one can be an effective attack on many,” Intel Security CTO Steve Grobman said via email. “DNS is one of those internet infrastructure capabilities upon which we all rely. An attacker seeking to disrupt services to multiple websites may be successful simply by hitting one service provider such as this, a DNS provider, or providers of multiple other Internet infrastructure mechanisms.”
DNS translates website names into IP addresses. Delegating that service to a multi-tenant provider has tremendous benefits over the traditional architecture, in which each company is responsible for running its own DNS. But it also means that if the provider is targeted with attacks of significant scale, every tenant service relying on it could be affected.
“Given how much of our connected world must increasingly rely upon such cloud service providers, we should expect more such disruptions,” Grobman said. “We must place a premium on service providers that can present backup, failover and enhanced security capabilities, allowing them to sustain and deflect such attacks.”
Mark Chaplain, VP EMEA for Ixia, told us that botnets are likely behind the offensive.
“The availability of ‘DDoS as a service’ and large-scale botnets for hire makes it relatively easy to launch large-scale attacks that can even disrupt the operations of these internet services companies, which have infrastructures designed to handle high traffic volumes,” he said. “Organizations can mitigate the impact of these attacks by reducing their attack surface—blocking web traffic from the large numbers of IP addresses globally that are known to be bot-infected, are known sources of malware and DoS attacks.”
Higher-volume attacks have become more frequent.
“With the sheer volume of traffic that the modern DDoS attacks can create (see the recent Brian Krebs DDoS attack as one good example), even the best defenses can be strained to protect against these monstrous attacks, which requires constant improvements to infrastructure and the methods in which these organizations defend themselves from DDoS and other cyberattacks,” said Nathan Wenzler, principal security architect at AsTech Consulting, via email.