Major websites such as Reddit, Spotify, and Twitter crashed for a couple of hours on Friday morning, because of a cyberattack made to the server of major DNS provider Dyn. The distributed-denial-of-service (DDoS) attack, which works by overwhelming targeted machines with malicious electronic traffic, affected many other websites as well, such as Wired, The Verge, Squarespace, Etsy, Box, GitHub, and Pinterest.
DDoS Cyberstrike Mostly Affected US
According to the Daily Mail, this outage mostly affected the east coast of the U.S., which was clearly manifested in the way that there wasn't any kind of problem with these sites in Europe. For some hours, this became a terrible situation in which users couldn't even post about the problems in Twitter since the social media was also inaccessible.
"Starting at 11:10 a.m. UTC on October 21, we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. This attack is mainly impacting U.S. East and is impacting Managed DNS customer in this region. Our engineers are continuing to work on mitigating this issue." Dyn stated through a security update on its website.
Top Websites Confirmed Targets By DDoS Cyberstrike
According to the International Business Times, GitHub confirmed its problems through a statement posted on HackerNews, in which the company explained that its services may be intermittently available at the moment, since there was an "incident" with its upstream DNS provider. For its part, Amazon Web Services also said it were having serious troubles, and that the company was working to resolve the root of the cause, which was effectively identified.
As reported by the Daily Mail, a Federal Investigation Bureau (FBI) representative said she didn't have any immediate comment on the outages issue. Also, it was revealed that one of the main reasons why this situation happened is because DNS´ lack of security.
"DNS has often been neglected in terms of its security and availability from an enterprise perspective - it is treated as if it will always be there in the same way that water comes out of the tap and electricity is there when you switch it on," Richard Meuus, VP of Technology at EMEA at NSFOCUS, said.
"This attack highlights how critical DNS is to maintain a stable and secure internet presence, and that the DDoS mitigation processes businesses have in place are just as relevant to their DNS service as it is to the web servers and data centers."