On Friday Oct. 21, several sites including Twitter, CNN and Netflix experienced a massive distributed denial of service (DDoS) cyberattack that was first noticed at 7:00 a.m. Eastern time. The sites affected were all reportedly using Dyn’s cloud services, and primarily affected users on the East Coast.
According to Scott Hilton, executive vice president of products for Dyn, the attacks had been mostly resolved by 9:20 a.m. Eastern time; however, additional reports note another round of attacks has occurred.
“Dyn received a global DDoS attack on our Managed DNS infrastructure on the East Coast of the United States,” said Hilton in a statement during the outage. “We have been aggressively mitigating the DDoS attack against our infrastructure.”
DDoS attacks have become major issues within the last year. Generally, DDoS attacks send massive amounts of information to sites resulting in so much traffic that they are unable to process requests from real users. Generally, the cyberattack will involve weaponizing Internet of Things (IoT) devices and bots to redirect information from appropriate receiving sources to the target domains.
With the massive amount of investment into the IoT, it is possible that attacks like these could get worse and occur more frequently. IoT devices are especially vulnerable to hacks because of security concerns not at the forefront in IoT device design.
Dyn serves to provide the architecture — the domain-name system, or DNS, the helps redirect users from easy to remember domains, to the actual IP addresses for the company’s servers. The cyberattack was targeting Dyn specifically as it is one of the largest DNS providers and serves such a wide net of businesses. By attacking the DNS rather than the individual sites, the DDoS is exponentially multiplied.
According to one report, the sites affected include, but are not limited to:
No one has claimed responsibility for the attack yet, but Reuters is reporting that U.S. government officials are exploring whether the attack was a "criminal act."
BREAKING: U.S. government probing whether east coast internet attack was a 'criminal act' - official— Reuters Top News (@Reuters) October 21, 2016