[Resolved] Massive DDoS Attack Causes Internet Disruption for Several Popular Sites – 3rd Attack Under Way
Early this morning, attackers launched a cyberattack on a major internet management company. Dyn, which hosts domain name systems, announced today that it faced a massive cyberattack that caused problems for several websites, including some big names.
Several sites go offline after massive DDoS cyberattack
Dyn DNS is used by many websites as their upstream DNS provider, including Wired, PayPal, Github, and others. The problem with several of these popular sites and services appeared after a DDoS attack against the DNS service provider. All of these sites reported experiencing complete or partial outages and downtime. The DNS works like a mapping system for websites, figuring out and locating the human-readable, text URLs you type in the browser and locating servers that host the site's data.
Following the attack, people also reported issues with Twitter, SoundCloud, Airbnb, Spotify, Vox Media sites, and several other popular sites.
Uh oh, we’re having some issues right now and investigating. We’ll keep you updated!
— Spotify Status (@SpotifyStatus) October 21, 2016
The company confirmed that DDoS attack started at 7am EST and mostly affected users in the East Coast. Dyn reported that it has resolved the attack as of 9:20 am EST. However, Twitter still appears to be offline for many users.
The company hasn't provided any information about who it thinks could be behind this DDoS attack. "We are aware of the ongoing service interruption of our Managed DNS network. For more information visit our status page."
"This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue. Starting at 11:10 UTC on October 21th Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available. Customers with questions or concerns are encouraged to reach out to our Technical Support Team." - Dyn
The massive cyberattack comes at a point when there's high tension between the US and Russia. Only yesterday, it was confirmed that the Russian hacker arrested in Prague was linked to the LinkedIn hack. Following election hacks, the US government accused Russia of being behind these attacks. It is not immediately clear if the latest cyberattack is associated with the political hacks.
Homeland Security starts investigating the cyber assault
The FBI and the US Department of Homeland Security are now "investigating all potential causes," said spokesman Todd Breasseale. Homeland Security had earlier warned that hackers were using a powerful new approach to launch massive distributed denial of service attacks, infecting Internet of Things, like printers, smart TVs, routers, and other connected devices. Using these devices as bots, attackers could launch massive cyberattacks.
And the first major attack of these expected cyber assaults doesn't paint a pretty picture. Dyn is responsible for offering its services for managing DNS to some of the world's biggest corporations, including Twitter, Netflix, Visa, and SoundCloud.
Amazon's web services division has also reported an outage that lasted for several hours this Friday morning. One of the world's biggest cloud computing companies, the outage affected East Coast cloud customers. The problem is now resolved. However, investigations continue as many suspect possible links to election hacks.
Here's the updated outage map posted at 16:40 EST.
It appears that US is not the only region suffering from this massive DDoS attack as several services in Europe have reported facing online outages.
DC DMV can't accept credit cards because of internet attack
The online outage is apparently also affecting the District of Columbia Department of Motor Vehicles. The department has said that it cannot accept credit card payments for driver and vehicle services transactions.
Customers are advised to use cash, checks or money orders at the DMV service centers.
Timeline... Third attack underway
Friday's East Coast DDoS attack is possibly one of the biggest cyber attacks, we have seen in the recent times. The attack is only first of the many expected reminders of how connected devices can turn into bots, launching cyber assaults on some of the largest tech and financial companies.
The morning's attack started around 7am ET and was resolved after two hours. Then, the same company suffered a second attack that began just after noon. Dyn reports a third wave of attacks a little after 4pm ET. The company has called it a “very sophisticated and complex attack,” that involves tens of millions of IP addresses. In the last attack, West Coast was also affected by the cyber assault.
The attack used insecure connected devices, like printers and cameras to build a bot net. "These bots are geo spread and might even creating a legitimate traffic that will be very hard on the defender (Dyn) to cherry pick and block the right IPs," Eyal Benishti, CEO of Ironscales said. "This is a beginning of a new era. Someone just pooled a dooms day weapon and no one knows why!"
Dyn confirmed late Friday the third cyber attack "has been resolved."