Was Friday’s DDoS Attack Part of a Troubling Trend?

Brought to You by The WHIR

Regardless of whether you work in the hosting industry, you would have likely encountered an outage Friday on a website that you may visit frequently, due to a DDoS attack targeting Dyn.

You can read the news story here.

A DDoS attack on an individual website can cause lots of issues in and of itself, but a DDoS attack on a DNS network has a much bigger impact. Friday's DDoS attack impacted sites ranging from Twitter to AirBnb to The New York Times and, even to PagerDuty, a site that helps alert you of downtime.

In an emailed statement, Dave Larson, Corero COO, explained how DDoS attacks against DNS providers can be particularly damaging.

“DDoS attacks targeted specifically against Domain Name Service (DNS) Providers can be especially damaging – not only for the intended victim – but from the perspective that there will also be significant collateral damage. A DDoS attack, regardless of the vector or technique utilized, against a DNS operator targeting a domain or group of domains can effectively shut down service to that domain, as well as any other domains serviced in a particular region. Innocent bystanders are immediately impacted until the attack subsides or a resolution is put into place,” Larson said in a statement.

“DNS providers are central to the operation of the internet and must consider DDoS attacks as a critical availability issue and maintain automated mitigation techniques in order to protect their customers from this breed of attack. Cloud based DDoS mitigation services which rely on human intervention, and re–routing of internet traffic in the event of DDoS will not suffice in these attack situations.”

The unfortunate thing is that last week’s event is not isolated. The WHIR has reported recently on a DDoS attack that reached 665 Gbps in size, and forced Akamai to drop Brian Krebs’ website from its DDoS mitigation service.

Brian Krebs, in a post on his website, explained why DDoS attacks are growing in size. Until Dyn releases a post-mortem of the attack, the size of it will likely remain unknown.

“The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers. Last month, a hacker by the name of Anna_Senpai released the source code for Mirai, a crime machine that enslaves IoT devices for use in large DDoS attacks. The 620 Gbps attack that hit my site last month was launched by a botnet built on Mirai, for example.”

This first ran at http://www.thewhir.com/web-hosting-news/security-experts-weigh-in-on-dyn-ddos-attack