Early this morning, a large distributed denial of service attack (DDoS) directed at the Internet performance management company Dyn caused Web site outages for a number of its customers, including Twitter, Reddit, Spotify and SoundCloud. Services were restored to normal by 9:20 a.m. Eastern Time, the company said.
In a status update shortly after 7 a.m., New Hampshire-based Dyn reported that it was monitoring and working to mitigate a DDoS attack against its own managed domain name system (DNS). Affecting mostly the eastern U.S., the attack caused a number of Dyn customer Web sites to experience delays in loading.
A DDoS attack occurs when malicious actors overload an Internet site or service with massive amounts of traffic from hacked or otherwise compromised systems in different locations. In the case of the attack on Dyn, this affected the company’s ability to manage DNS queries and connect traffic to customers’ proper IP addresses at normal speeds.
Attack on ‘Half the Internet’
While today’s DDoS attack was resolved relatively quickly, a number of news sites described it as having shut down “half the Internet” for users on the East Coast. In addition to customers, such as Twitter and Reddit, Dyn’s client list includes large sites such as About.com, CNBC, Etsy, RedHat and Zillow.
The scale and scope of DDoS attacks have been growing dramatically over the past year or so. Last month, for example, writer Brian Krebs’ KrebsOnSecurity Web site was temporarily brought down by a recording-breaking DDoS attack generating traffic levels of up to 620 Gbps. Shortly afterward, the France-based hosting company OVH sustained a DDoS attack that was nearly twice as massive as the one on Krebs’ site.
In a blog post about today’s attack on Dyn, Krebs noted that the recent scale of attacks has caught Internet security companies off-guard. “DDoS mitigation firms simply did not count on the size of these attacks increasing so quickly overnight, and are now scrambling to secure far greater capacity to handle much larger attacks concurrently,” Krebs said.
‘Only the Beginning’
Security experts are blaming the rise of increasingly massive DDoS attacks on the rapidly expanding number of network-connected devices on the Internet of Things (IoT). Earlier this month, researchers at Akamai Technologies, who identified a 12-year-old vulnerability in the OpenSSH security utilities suite, noted that weak protections on IoT devices has helped to create the “Internet of Unpatchable Things.”
“The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers,” Krebs said today.
What all these connected devices have in common is the existence of security vulnerabilities caused by a flawed software design or gross negligence on the part of their manufacturers that all often use the same factory passwords for all their devices, OVH said in a recent post about the attack on its networks.
“While our internal investigation (which is still ongoing) has identified close to 145,000 infected connected devices as the source of the recent attacks, network service provider Level3 has recently assessed their number at more than a million,” according to OVH. “So we’re only at the beginning of the problem, not to mention the fact that Internet connection rates are constantly growing, notably due to the ever-increasing availability of VDSL, SDSL, and fiber optics.”
