Week-Long Multi-Vector DDoS Attack Targeted DNS Provider

A week-long DDoS attack targeted DNS provider NS1, aiming systematically at the company’s infrastructure.

While the company claims it’s constantly under such fire, this recent wave raises concerns as attackers have not only managed to scale the intensity of the attack, but they’ve also combined various, and unusually complex, attack methods. Besides traditional high volume traffic floods, upstream network resources have also been aimed directly.

Since no one has claimed responsibility for these attacks, tracking the culprits will prove difficult, the company’s CEO says.

“It is often difficult to determine the motivation of an attacker in a DDoS scenario or who is responsible,” said NS1’s CEO Kris Beevers. “By their nature, DDoS attacks are widely distributed and use compromised or poorly configured systems as vectors from which to carry out attacks. However, in this case we have little doubt that the target of the attacker was us, and not any specific customer of NS1.”

The company has already notified authorities and set up a mitigation mechanism to prevent customers from being affected by such attacks. Those whose business is directly impacted by DNS downtimes are advised to at least set up redundancy in their authoritative DNS setup, as to ensure reliability for their websites and applications.

“If your domains use only simple, “static”, RFC compliant DNS records then you can rely on the long established approach for introducing DNS redundancy: zone transfer between providers to enable a master-slave topology,” said Beevers. “If your websites and applications use advanced features like traffic management tools, then you may consider implementing automation to generate synchronized configurations across multiple providers, pushing changes to their APIs”.