Industry News

DDoS attack against DNS provider knocks major sites offline

Web users are struggling to reach some of the world’s most well-known websites – including Twitter, Spotify, Github, Reddit and AirBnB – after the managed DNS service they use, Dyn, was hit by what appears to have been a significant distributed denial-of-service (DDoS) attack.

As we recently described on the Bitdefender Business Insights blog when discussing domain name hijacking, Domain Name System (DNS) records are what helps convert the human readable addresses you enter into your browser’s URL bar (eg. hotforsecurity.com) into a numeric IP address that the internet understands.

Specialist companies like Dyn look after the DNS records of websites but, if they suffer an outage, the impact can be seen across a wide number of sites.

github-status
Source: Twitter

Presently many of the reports of difficulties accessing sites are coming from users in the East coast of the United States, but it’s possible that other computer users are also experiencing problems getting to their favourite sites.

We don’t know how big the attack is against Dyn, but you would expect the company to have fairly robust defences to fend off these types of attacks. Consequently I would imagine it is quite a sizeable DDoS attack, but we don’t have the necessary information right now to confirm.

level3map
Source: thenextweb.com

If you are affected by the outage you might have more luck in reaching sites by using a VPN proxy, which can disguise your internet use to make it appear as though you are based in another part of the world.

Inevitably there will be speculation as to who is behind the attack and their motivation, but right now there doesn’t appear to be much in the way of facts to point fingers in any particular direction.

It is, however, another reminder of just how fragile the internet can be when faced by a major denial-of-service attack. Many companies would be wise not to treat DNS security and infrastructure as an afterthought, as if it suddenly disappears beneath you no-one will be able to get to your website anymore.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

Click here to post a comment