Supply Chain News

Dyn Urges Companies to Use Multiple Vendors in Wake of Cyber Attacks

Hackers unleashed a complex attack on the internet through common devices like webcams and digital recorders and cut access to some of the world's best known websites on Friday, a stunning breach of global internet stability.

Dyn Resources

Companies

  • BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, advisory and consulting services to a wide range of publicly traded and privately held companies. For more than 100 years, BDO has provided quality service through the active involvement of experienced…

  • Dyn is a cloud-based Internet Performance Management (IPM) company that provides unrivaled visibility and control into cloud and public Internet resources. Dyn’s platform monitors, controls and optimizes applications and infrastructure through Data, Analytics, and Traffic Steering, ensuring traffic…

  • Company Quicklook

As reported by Reuters, companies can reduce the risk from the type of cyber attack that took out major websites on Friday by using multiple vendors for the critical internet service known as a domain name service, or DNS, companies and security experts said on Sunday.

"We have advocated for years for redundancy in your infrastructure," said Kyle York, chief strategy officer for Dyn, the New Hampshire DNS provider that was attacked on Friday.

"I don't think you can ever be safe enough or redundant enough."

York said clients who used multiple servers "saw less of an impact."

Using multiple DNS providers can, however, make managing traffic more complicated and costly, experts said.

Friday's cyber attack alarmed security experts because it represented a new type of threat rooted in the proliferation of simple digital devices such as webcams. Such devices often lack proper security, and hackers found a way to harness millions of them to flood a target with so much traffic that it can't cope.

Kyle York

“I don't think you can ever be safe enough or redundant enough”Kyle York,
Chief Strategy Officer, Dyn

The attack on Dyn and the resulting outage started in the Eastern United States on Friday and then spread to other parts of the country and Europe, affecting companies including Twitter and Paypal. DNS providers such as Dyn act as a switchboard for internet traffic.

"It's important to implement diversity geographically, as well as architecturally," for a defense against domain name service attacks, said Andy Ellis, chief security officer at Akamai Technologies, which helped Dyn recover on Friday.

Businesses can choose up to eight authoritative domain service providers, and some of the hardest-hit sites were customers who only picked Dyn.

Eliminating the threat from the unsecured devices that make up what's often called the Internet of Things will be a much tougher task, however. Many inexpensive webcams, connected thermostats, baby monitors and other products lack even basic security and sometimes use hard-coded passwords that are simple to break, security experts said.

Law enforcement authorities said on Friday they are investigating the attack. The tools making the new type of attack possible were released on the internet by unknown hackers last month, thus creating a long list of possible suspects.


"This is the new norm, the internet wasn't designed with these kinds of attacks in mind," said cyber security expert and entrepreneur Barrett Lyon.

Long term solutions would likely require governments to take far more responsibility for mandating internet security, experts agreed.

Chinese electronics component manufacturer Hangzhou Xiongmai Technology said on Sunday that weak default passwords on its products inadvertently played a role in the cyber attack, according to a report from IDG News Service.

The company said it has patched the flaws and now is asking customers to change the default password the first time they use it.

Source: Business Insider

Dyn Statement on 10/21/2016 DDoS Attack
It’s likely that at this point you’ve seen some of the many news accounts of the Distributed Denial of Service (DDoS) attack Dyn sustained against our Managed DNS infrastructure this past Friday, October 21.

We’d like to take this opportunity to share additional details and context regarding the attack. At the time of this writing, we are carefully monitoring for any additional attacks. Please note that our investigation regarding root cause continues and will be the topic of future updates. It is worth noting that we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses.

I also don’t want to get too far into this post without:

  1. Acknowledging the tremendous efforts of Dyn’s operations and support teams in doing battle with what’s likely to be seen as an historic attack.
  2. Acknowledging the tremendous support of Dyn’s customers, many of whom reached out to support our mitigation efforts even as they were impacted. Service to our customers is always our number one priority, and we appreciate their understanding as that commitment means Dyn is often the first responder of the internet.
  3. Thanking our partners in the technology community, from the operations teams of the world’s top internet companies, to law enforcement and the standards community, to our competition and vendors, we’re humbled and grateful for the outpouring of support.

Attack Timeline
Starting at approximately 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different (more on that later). Approximately two hours later, the NOC team was able to mitigate the attack and restore service to customers. Unfortunately, during that time, internet users directed to Dyn servers on the East Coast of the US were unable to reach some of our customers’ sites, including some of the marquee brands of the internet. We should note that Dyn did not experience a system-wide outage at any time – for example, users accessing these sites on the West Coast would have been successful.

After restoring service, Dyn experienced a second wave of attacks just before noon ET. This second wave was more global in nature (i.e. not limited to our East Coast POPs), but was mitigated in just over an hour; service was restored at approximately 1:00 pm ET. Again, at no time was there a network-wide outage, though some customers would have seen extended latency delays during that time.

News reports of a third attack wave were verified by Dyn based on our information. While there was a third attack attempted, we were able to successfully mitigate it without customer impact.

Dyn’s operations and security teams initiated our mitigation and customer communications process through our incident management system. We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these.

What We Know
At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.

Thank You Internet Community
On behalf of Dyn, I’d like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support. We’re proud of the way the Dyn team and the internet community of which we’re a part came together to meet yesterday’s challenge. Dyn is collaborating with the law enforcement community, other service providers, and members of the internet community who have helped and offered to help. The number and type of attacks, the duration, the scale, and the complexity of these attacks are all on the rise. As a company, we have for years worked closely with the internet community to assist when others encountered attacks like these and will continue to do so.

It is said that eternal vigilance is the price of liberty. As a company and individuals, we’re committed to a free and open internet, which has been the source of so much innovation. We must continue to work together to make the internet a more resilient place to work, play and communicate. That’s our commercial vision as a company and our collective mission as an internet infrastructure community. Thank you.

Kyle York
Chief Strategy Officer
Dyn


Related: Top 25 Risk Factors for Manufacturing Supply Chains


Article Topics
News   Supply Chain   Risk Management   Cyber Attack   Cybersecurity   All topics


Comments
Be the first to post a comment.
You must be logged in to post a comment. Login.

 
Latest Supply Chain News
DHL Launches Global Trade Barometer, a New and Unique Leading AI Indicator for World Trade
DHL Global Trade Barometer derives predictions for global trade by evaluating large amounts of logistics data with the help of Artificial Intelligence.

Maersk IBM Form Joint Venture Applying Blockchain to Improve Global Trade & Digitize Supply Chain
A.P. Moller - Maersk and IBM have announced their intent to establish a joint venture to provide more efficient and secure methods for conducting global trade using blockchain technology.

Designing a Logistics Distribution Model for the Future
Certified Retail Solutions specializes in delivering high-quality systems and services to help retailers manage their national technology deployment and on-site maintenance needs.

One Network Enterprises New One Blockchain Solution
New blockchain solution enables customers to build blockchain enabled multi-party apps and transact with trading partners over the blockchain.


 

24|7 Pro Team

The 24|7 Team is your direct pipeline to solutions for your business challenges. It's your opportunity to have supply chain and logistics experts look at your specific challenges and needs, and give you free, no-obligation advice, solutions, and information.

The 24|7 Team will simplify the task of creating a database of likely partners, building your knowledge base, and preparing your Request for Proposal list.

1
  Choose a topic for your RFP

Transportation RFP/RFI

The Transportation RFP is your direct pipeline to solutions for your transportation challenges. It's your opportunity to have logistics experts look at your specific transportation challenges and needs, and give you free, no-obligation advice, solutions, and information specific to your request.

Choosing the perfect software or system can be an indomitable challenge. Using this transportation/TMS RFP will simplify the task of creating a database of likely partners, building your knowledge base, and preparing your Request for Proposal list.

Warehouse/DC Management RFP/RFI

The Warehouse Management Systems (WMS) RFP is your direct pipeline to solutions for your WMS challenges. It's your opportunity to have logistics experts look at your specific WMS challenges and needs, and give you free, no-obligation advice, solutions, and information specific to your request.

Choosing the perfect WMS solution can be an indomitable challenge. Using this WMS RFP will simplify the task of creating a database of likely partners, building your knowledge base, and preparing your WMS Request for Proposal list.

Supply Chain RFP/RFI

The Supply Chain RFP is your opportunity to have logistics experts look at your specific challenges and needs, and receive free, no-obligation advice, solutions, and information. It simplifies finding a pool of likely partners, building your knowledge base, and preparing your Request for Proposal list. The companies in the Logistics Planner have agreed to respond to your request for in-depth information and follow-up, and your request is totally confidential.

Software/Technology RFP/RFI

The Software/Technology is your direct pipeline to solutions for your logistics information technology challenges. It's your opportunity to have logistics experts look at your specific technology challenges and needs, and give you free, no-obligation advice, solutions, and information specific to your request. Whether it's WMS, TMS, Mobile or Cloud, our pros can help.

The companies listed below have agreed to respond to your request for in-depth information and follow-up. Your request is totally confidential.

Executive Education RFI

The Logistics and Supply Chain Education RFI can help you identify the schools, coursework, continuing education, distance learning and certification opportunities available from leading logistics educational institutions.

Upgrade and improve your logistics and supply chain skillsets. Whatever route you choose—advanced degree, executive education, certification or distance learning—the time and money you invest in your education today can pay off in continued career success tomorrow. Contact leading universities and professional institutions for the information you need to prepare for the future.

Third Party Logistics RFP/RFI

This 3PL Request for Proposal (RFP)/Request for Information (RFI) can help you find the 3PL and 4PL providers that can meet your specific 3PL service challenges and needs. The 3PL companies below will provide free, no-obligation third-party logistics advice, solutions, and information.

Ask your 3PL questions, you'll get answers. Simply complete the information, and detail your 3PL challenges. Then, check off the third-party logistics companies that you want to review your request.

1. Choose an RFI topic.
2. Enter your contact information and challenge.
3. Select companies and optional categories.
4. Submit.


2

Your Information



Your Challenge, Problem or Request *

3

Select Transportation Companies

  • Select All

  • 3Gtms
  • BluJay Solutions
  • CSX Trans. Intermodal
  • Kuebix
  • Landstar
  • Legacy Supply Chain Svs.
  • One Network
  • Pitt Ohio
  • Purolator
  • Quintiq
  • SEKO Logistics
  • SMC3


Select Relevent Categories

  • Air Freight
  • Intermodal
  • Motor Freight
  • Ocean Freight
  • Rail Freight
  • TMS

Select Warehouse/DC Management Companies

  • Select All

  • 3PL Central
  • Apex Supply Chain Tech.
  • Honeywell Intelligrated
  • Kuebix
  • Legacy Supply Chain Svs.
  • Swisslog
  • Westfalia Technologies
  • Zebra Technologies


Select Relevent Categories

  • Auto ID & Data Capture
  • Automation
  • Conveyors & Sortation
  • Lift Trucks
  • Packaging & Labeling
  • Pallets & Containers
  • Shelving & Racking
  • WMS

Select Supply Chain Companies

  • Select All

  • 3Gtms
  • 3PL Central
  • Amber Road
  • Apex Supply Chain Tech.
  • APICS
  • BluJay Solutions
  • CSX Trans. Intermodal
  • Frontier Business
  • Kuebix
  • Legacy Supply Chain Svs.
  • Logility
  • One Network
  • Purolator
  • Quintiq
  • SMC3
  • Synchrono
  • TAKE Supply Chain
  • Westfalia Technologies
  • Zebra Technologies


Select Relevent Categories

  • Global Trade
  • Inventory Management
  • Risk Management
  • Sustainability

Select Software/Technology Companies

  • Select All

  • 3GTMS
  • 3PL Central
  • Apex Supply Chain Tech.
  • BluJay Solutions
  • Honeywell Intelligrated
  • Frontier Business
  • Kuebix
  • Logility
  • One Network
  • Quintiq
  • SMC3
  • Swisslog Logistics
  • Synchrono
  • TAKE Supply Chain
  • Zebra Technologies


Select Relevent Categories

  • ERP
  • Sales & Operations
  • Sourcing/Procurement
  • Optimization
  • Transportation Mgmt
  • Warehouse Mgmt

Select Executive Education Choices

  • Select All

  • Graduate Courses
  • Online/Distance
  • Executive Education
  • Certifications
  • Undergraduate
  • Seminars
  • Associations
  • Conferences
  • Tradeshows


Select Third Party Logistics Companies

  • Select All

  • 3PL Central
  • Landstar
  • Legacy Supply Chain Svs.
  • Purolator
  • SEKO Logistics
  • Westfalia Technologies


4
 

24|7 Company Profiles