October 24, 2016
As reported by Reuters, companies can reduce the risk from the type of cyber attack that took out major websites on Friday by using multiple vendors for the critical internet service known as a domain name service, or DNS, companies and security experts said on Sunday.
"We have advocated for years for redundancy in your infrastructure," said Kyle York, chief strategy officer for Dyn, the New Hampshire DNS provider that was attacked on Friday.
"I don't think you can ever be safe enough or redundant enough."
York said clients who used multiple servers "saw less of an impact."
Using multiple DNS providers can, however, make managing traffic more complicated and costly, experts said.
Friday's cyber attack alarmed security experts because it represented a new type of threat rooted in the proliferation of simple digital devices such as webcams. Such devices often lack proper security, and hackers found a way to harness millions of them to flood a target with so much traffic that it can't cope.
The attack on Dyn and the resulting outage started in the Eastern United States on Friday and then spread to other parts of the country and Europe, affecting companies including Twitter and PayPal. DNS providers such as Dyn act as a switchboard for internet traffic.
"It's important to implement diversity geographically, as well as architecturally," for a defense against domain name service attacks, said Andy Ellis, chief security officer at Akamai Technologies, which helped Dyn recover on Friday.
Businesses can choose up to eight authoritative domain service providers, and some of the hardest-hit sites were customers who only picked Dyn.
Eliminating the threat from the unsecured devices that make up what's often called the Internet of Things will be a much tougher task, however. Many inexpensive webcams, connected thermostats, baby monitors and other products lack even basic security and sometimes use hard-coded passwords that are simple to break, security experts said.
Law enforcement authorities said on Friday they are investigating the attack. The tools making the new type of attack possible were released on the internet by unknown hackers last month, thus creating a long list of possible suspects.
"This is the new norm, the internet wasn't designed with these kinds of attacks in mind," said cyber security expert and entrepreneur Barrett Lyon.
Long-term solutions would likely require governments to take far more responsibility for mandating internet security, experts agreed.
Chinese electronics component manufacturer Hangzhou Xiongmai Technology said on Sunday that weak default passwords on its products inadvertently played a role in the cyber attack, according to a report from IDG News Service.
The company said it has patched the flaws and now is asking customers to change the default password the first time they use it.
Source: Business Insider
Dyn Statement on 10/21/2016 DDoS Attack
It’s likely that at this point you’ve seen some of the many news accounts of the Distributed Denial of Service (DDoS) attack Dyn sustained against our Managed DNS infrastructure this past Friday, October 21.
We’d like to take this opportunity to share additional details and context regarding the attack. At the time of this writing, we are carefully monitoring for any additional attacks. Please note that our investigation regarding root cause continues and will be the topic of future updates. It is worth noting that we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses.
I also don’t want to get too far into this post without:
- Acknowledging the tremendous efforts of Dyn’s operations and support teams in doing battle with what’s likely to be seen as an historic attack.
- Acknowledging the tremendous support of Dyn’s customers, many of whom reached out to support our mitigation efforts even as they were impacted. Service to our customers is always our number one priority, and we appreciate their understanding as that commitment means Dyn is often the first responder of the internet.
- Thanking our partners in the technology community, from the operations teams of the world’s top internet companies, to law enforcement and the standards community, to our competition and vendors. We’re humbled and grateful for the outpouring of support.
Starting at approximately 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different (more on that later). Approximately two hours later, the NOC team was able to mitigate the attack and restore service to customers. Unfortunately, during that time, internet users directed to Dyn servers on the East Coast of the US were unable to reach some of our customers’ sites, including some of the marquee brands of the internet. We should note that Dyn did not experience a system-wide outage at any time – for example, users accessing these sites on the West Coast would have been successful.
After restoring service, Dyn experienced a second wave of attacks just before noon ET. This second wave was more global in nature (i.e. not limited to our East Coast POPs), but was mitigated in just over an hour; service was restored at approximately 1:00 pm ET. Again, at no time was there a network-wide outage, though some customers would have seen extended latency delays during that time.
News reports of a third attack wave were verified by Dyn based on our information. While there was a third attack attempted, we were able to successfully mitigate it without customer impact.
Dyn’s operations and security teams initiated our mitigation and customer communications process through our incident management system. We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these.
What We Know
At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks was devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.
Thank You Internet Community
On behalf of Dyn, I’d like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support. We’re proud of the way the Dyn team and the internet community of which we’re a part came together to meet yesterday’s challenge. Dyn is collaborating with the law enforcement community, other service providers, and members of the internet community who have helped and offered to help. The number and type of attacks, the duration, the scale, and the complexity of these attacks are all on the rise. As a company, we have for years worked closely with the internet community to assist when others encountered attacks like these and will continue to do so.
It is said that eternal vigilance is the price of liberty. As a company and individuals, we’re committed to a free and open internet, which has been the source of so much innovation. We must continue to work together to make the internet a more resilient place to work, play and communicate. That’s our commercial vision as a company and our collective mission as an internet infrastructure community. Thank you.
Chief Strategy Officer