The day half the internet died

November 22, 2016 | Uncategorized | By Media Admin
The recent DDoS attack marked an unprecedented level of cyberdisruption and highlighted major vulnerabilities in internet infrastructure.

Last month's distributed denial-of-service (DDoS) attack on global domain name service provider Dyn Inc. marked an unprecedented level of cyberdisruption - raising both eyebrows and concerns about the current (and future) state of a world that's almost completely and utterly reliant on the internet.

Among the more than 1,200 web domains affected by the outage were some of today's most popular sites, including Netflix, Twitter, Spotify and Reddit. It is still unclear who is behind the attacks. Some have been quick to suggest nation-state actors or a political conspiracy. Others - including the groups themselves - have credited the well-known hacker groups New World and Anonymous. Although no definitive conclusion has been reached, recent evidence links the attack to the hacker-forum community and script kiddies.

Current DDoS attacks highlight vulnerability of internet infrastructure
At least part of the DDoS attack was conducted using Mirai malware botnets. The source code for Mirai was publicly released earlier this year and has since been used in a number of recent DDoS attacks, including the one on KrebsOnSecurity, which set a record at roughly 620 Gbps.

"DDoS attacks have increased 83% in the past quarter."

Cybercriminals involved in DDoS attacks use botnets to flood a network with an overwhelming amount of fake traffic, causing either slowness or an outage. In this case, overwhelming Dyn's domain name servers was basically like taking out the web's address book - the servers stopped answering, and the domains they served became unreachable.

According to Dark Reading, between the first and second quarter of 2016 alone, DDoS attacks increased by 83 percent. What makes this recent DDoS attack so noteworthy is the sheer volume of traffic it achieved.

It didn't just knock one site offline for a short period of time.

It crippled a major chunk of the internet for hours - multiple times in one day, compromising tens of millions of IP addresses across multiple regions.

The scale and sophistication of this event highlight a new level of threat and destruction made possible through botnets - especially those that exploit vulnerabilities in a wide range of smart devices, including phones, cameras and DVRs, collectively known as the Internet of Things.

How to prevent DDoS attacks
One of Chiron's security experts, Rich Moulton, recently explained to Fox45 the urgency for organizations to take preventative measures against DDoS attacks:

"Just the fact that you have hardware with an internet connection means that they can use what you have to get what they want," Moulton said. "When they start acting funny, find out why. Don't just dismiss it, because it may be that your device is being used in an attack."
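As an added illustration of Moulton's advice (and of the botnet flooding described earlier), not code from the original article or from Chiron: a small Python check over constructed NetFlow-style records that flags an internal device spending nearly all of its outbound traffic on one external destination at flood-like rates. The 5,000 packets/s and 90 percent share thresholds are assumptions to be tuned against a network's own baseline.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record for traffic leaving the local network."""
    src: str       # internal device address
    dst: str       # external destination address
    dport: int     # destination port
    packets: int   # packets seen in this record
    seconds: int   # duration the record covers

# Constructed sample records (RFC 1918 / documentation address ranges).
SAMPLE_FLOWS = [
    Flow("192.168.1.20", "203.0.113.10", 443, 1200, 60),    # laptop, web browsing
    Flow("192.168.1.20", "198.51.100.5", 53, 40, 60),       # laptop, normal DNS
    Flow("192.168.1.44", "198.51.100.5", 53, 30, 60),       # camera, normal DNS
    Flow("192.168.1.44", "203.0.113.77", 53, 900000, 60),   # camera hammering one target
    Flow("192.168.1.44", "203.0.113.77", 53, 950000, 60),
    Flow("192.168.1.60", "203.0.113.10", 443, 300, 60),     # DVR, light traffic
]

def per_host_rates(flows):
    """Return {src: {"dst:port": packets_per_second}} aggregated per destination."""
    totals = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for f in flows:
        bucket = totals[f.src][f"{f.dst}:{f.dport}"]
        bucket[0] += f.packets
        bucket[1] += f.seconds
    return {src: {key: pkts / secs for key, (pkts, secs) in dsts.items()}
            for src, dsts in totals.items()}

def flag_suspects(flows, pps_threshold=5000.0, share_threshold=0.9):
    """Flag hosts where one destination exceeds pps_threshold packets/s AND
    carries at least share_threshold of the host's outbound packets."""
    host_packets = defaultdict(int)
    host_dst_packets = defaultdict(lambda: defaultdict(int))
    for f in flows:
        host_packets[f.src] += f.packets
        host_dst_packets[f.src][f"{f.dst}:{f.dport}"] += f.packets
    suspects = {}
    for src, dsts in per_host_rates(flows).items():
        for key, pps in dsts.items():
            share = host_dst_packets[src][key] / host_packets[src]
            if pps > pps_threshold and share >= share_threshold:
                suspects.setdefault(src, {})[key] = round(pps, 1)
    return suspects
```

On the sample data only the camera is flagged; the laptop's browsing is high-share but far below the rate threshold, which is why both conditions are required.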

Beyond working to prevent a cyberattack, it is imperative for businesses to be prepared for one. The first wave of disruption that hit Dyn's DNS was resolved in about two hours, followed by a second round that was mitigated in about one. Although a third attack was attempted, it did not get to the point of impacting customers.

As one of the internet's first responders, Dyn's quick incident response management played a critical role in minimizing damage and restoring the domains. In its statement, the DNS provider explained that its operations and security teams regularly conduct training scenarios to ensure they stay ready for an attack.