All but three data centers where DNS provider Dyn hosts its global infrastructure came under attack in last week’s massive DDoS strike that disrupted some of the internet’s most popular destinations, such as Spotify, Amazon, HBO Now, Twitter, and The New York Times, among others.
Dyn’s servers sit in 20 data centers spread around the world, and the attack — implemented at least in part by using a botnet created by software called Mirai, which hijacks poorly secured IoT devices, such as CCTV cameras and DVRs — was directed at 17 of those sites, according to an analysis by ThousandEyes, a provider of global network monitoring services. The three data centers that were not affected are in Warsaw, Beijing, and Shanghai.
“At the height of the attack, approximately 75 percent of our global vantage points sent queries that went unanswered by Dyn’s servers,” Nick Kephart, senior director of product marketing at ThousandEyes, wrote in a blog post. “In addition, the critical nature of many of these affected services led to collateral damage, in terms of outages and performance impacts on sites that are only tangentially related to Dyn (including this blog).”
In addition to bringing light to the fact that the explosion of the Internet of Things will require extra effort to make sure all the devices coming online are secure in order to prevent them from being high-jacked by hackers wholesale, the incident underscores the importance of a multi-vendor strategy when it comes to anything related to core internet infrastructure.
As Kephart pointed out, while the attack affected all Dyn customers, the damage to companies that relied on it as their only DNS provider was a lot greater. Most of Dyn’s customers are in the latter group, according to ThousandEyes. “Because they didn’t have a backup DNS provider to fall back on during the DDoS attacks, these customers were the most vulnerable to complete service unavailability,” Kephart wrote.
Users of Amazon Web Services, for example, saw some disruption when trying to access certain APIs in some of Amazon cloud’s availability zones, but that disruption was limited to relatively few end points, because the company uses multiple DNS providers, including its own DNS service.