
Black Friday for Major Websites! What Happened?

By now, everybody must have heard about the major cyber-attack on the East Coast. The 21st of October was a Black Friday for major websites, when giants like Twitter, Netflix and the New York Times collapsed due to a very well-targeted DDoS attack. I have been a Dyn customer in the past because I had wanted a low TTL (Time To Live), so that if we had an outage and wanted to switch quickly over to a failover location, we could do so rapidly, and handling DDoS attacks at the cloud partner level seemed like a solid plan to me.

What happened?

The massive DDoS attack targeted the Dyn servers, causing the collapse of hundreds of websites. The attack was not a hit and run, but more a hit and repeat, as the DDoS came in three powerful waves.

The first wave of the attack started at 7 AM, followed by another just before noon, and it ended with a third wave after 4 PM, coming from tens of millions of IP addresses at the same time. The results might not be what the hackers expected: internet access to some of the websites was just slowed down, not taken down completely.

The initial reports showed that the attack was a type of DDoS that infects connected devices. Once infected, these devices become part of a botnet battalion associated with the Mirai malware, which was recently released to the public.

Could this have been prevented?

Yes, according to some experts. If Internet clients such as Twitter, Netflix, and the others affected had used a 2nd party for their secondary DNS, we wouldn’t be discussing this attack today.
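One way to check whether a zone depends on a single DNS provider, as an added example that is not part of the original post. It parses NS answers in the format printed by `dig +noall +answer NS <zone>`; the zone, nameserver names and TTLs are constructed sample data, and grouping nameservers by their last two labels is a simplifying assumption that will misgroup providers spread across several domains.

```python
from collections import defaultdict

# Constructed sample input, shaped like `dig +noall +answer NS shop.example`.
SINGLE_PROVIDER = """\
shop.example.  86400  IN  NS  ns1.provider-a.example.
shop.example.  86400  IN  NS  ns2.provider-a.example.
shop.example.  86400  IN  NS  ns3.provider-a.example.
"""
DUAL_PROVIDER = """\
shop.example.  3600  IN  NS  ns1.provider-a.example.
shop.example.  3600  IN  NS  ns2.provider-a.example.
shop.example.  3600  IN  NS  dns1.provider-b.example.
shop.example.  3600  IN  NS  dns2.provider-b.example.
"""


def parse_ns_answers(dig_output):
    """Return (ttl, nameserver) pairs from dig answer-section lines."""
    records = []
    for line in dig_output.splitlines():
        fields = line.split()  # owner, TTL, class, type, target
        if len(fields) != 5 or not fields[1].isdigit():
            continue  # skip comments, blank lines and other record shapes
        if fields[2].upper() == "IN" and fields[3].upper() == "NS":
            records.append((int(fields[1]), fields[4].rstrip(".").lower()))
    return records


def provider_of(nameserver):
    """Assumption: the last two labels of the NS name identify its operator."""
    return ".".join(nameserver.split(".")[-2:])


def audit_ns(dig_output):
    """Group nameservers by provider and flag a single-provider delegation."""
    records = parse_ns_answers(dig_output)
    by_provider = defaultdict(list)
    for _ttl, ns in records:
        by_provider[provider_of(ns)].append(ns)
    return {
        "providers": {p: sorted(v) for p, v in by_provider.items()},
        # Fewer than two operators means one provider outage takes the zone down.
        "single_provider": len(by_provider) < 2,
        # Largest TTL seen on the NS set in the sampled answer.
        "ns_ttl_max": max((ttl for ttl, _ in records), default=None),
    }


if __name__ == "__main__":
    for name, sample in (("single", SINGLE_PROVIDER), ("dual", DUAL_PROVIDER)):
        print(name, audit_ns(sample))
```
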

However, even though Dyn mitigated this massive attack, we need to ask the question “Are we safe?” If a company like Dyn, an expert in this space, experienced such an attack, what would the damage have been if the attackers had targeted a single business? This is exactly the reason why SMBs should be fully aware of the cyber threats they are vulnerable to and how to prevent being hacked. My recommendation is that if you are an SMB, you should feel comfortable with your hosting provider and the security company you have hired to keep you safe.

Coming back to the subject of the hour, here are a few approaches to defending against DDoS attacks that most cloud hosting companies offer as services:

  • Routers and firewalls – Configure your routers to filter unnecessary protocols and to stop simple ping attacks or even traffic from invalid IP addresses.
  • Black-holing – This approach stops all traffic and diverts it to a black hole where it’s dismissed. The only bad part is that all traffic is discarded, causing your business to go offline.
  • Intrusion-detection systems – These will detect when valid protocols are being used for an attack.
  • Server configuration – Proper configuration of servers might minimize the DDoS effects.

Bottom line, Friday was a reminder of how powerful a cyber-attack can be, and also a wake-up call not only for Dyn but for all of us. We need to understand cyber security and make it our top priority. What about you? What’s your approach to cyber security?

Photo source: pixabay.com

Comment(1)

  • Tim Wessels

    November 12, 2016

    Well, Dyn did let its customers down, and yes, these high profile customers should have had a secondary DNS service provider ready to go. The problem is it is now relatively easy to launch massive DDoS attacks thanks to everyone’s new darling, the Internet-of-Things or IoT. The manufacturers don’t ship their Internet “things” in a secure default state, and customers can’t be bothered to put them into a secure state. The admin passwords on these devices are weak, and they can be easily compromised. They can be easily located on the Internet because they tell everyone listening that they are out there. This allows IoT devices to be marshaled into an army of Internet things to be deployed in massive DDoS attacks like the one directed at Dyn.

    Just over a year ago, ProtonMail, an encrypted email services provider located in Switzerland, was subjected to a massive DDoS attack that went on for days. The DDoS attack took down ISPs and their customers in addition to ProtonMail, which despite its lack of resources, was able to enlist the financial support of its user community and get top notch DNS service protectors like Radware to support them in the fight. Eventually, ProtonMail and its supporters were able to turn back the attack. ProtonMail is now able to protect itself against future DDoS attacks. Hope Dyn takes the lesson to heart and does what it will take to protect their customers.
