Hacker DDoS Attacks Against DynDNS Knocked Major Services Off Line

MANCHESTER, NH (The Hacker News)—The Internet recently witnessed a record-breaking largest Distributed Denial of Service (DDoS) attack of over one terabit per second (1 Tbps) against France-based hosting provider OVH, and Friday (October 21, 2016) the latest victim of this cyber attack was none other than DynDNS, an Internet performance management company.

This sudden outage of popular sites and services, including Twitter, SoundCloud, Spotify, and Shopify, for many users, flooded social media with outrage and uproars. According to a post on Ycombinator, it was because of a DDoS attack against the popular Domain Name System (DNS) service provider Dyn.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS. Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, security cameras, WiFi-connected smart TVs, baby monitors, DVRs, Blu-ray players, and enslaves vast numbers of our compromised devices into a botnet, which then is unleashed to conduct malicious DDoS attacks at will. Since the source code of Mirai Botnet has already been made available to the public, anyone can wield DDoS attacks against selected or random targets.

The DNS acts as the authoritative reference for mapping domain names to Internet Protocol (IP) addresses. In other words, DNS is simply an Internet’s phone book that resolves human-readable web addresses, such as “bdpatoday.com“, against IP addresses.

DynDNS is used by many websites and services as their upstream DNS provider, including Twitter, Spotify, SaneBox, Reddit, Box, Github, Zoho CRM, PayPal, Airbnb, Freshbooks, Wired.com, Pinterest, Heroku and Vox Media properties. All of these sites and services reportedly experienced major outages and significant downtime.

According to DynDNS, the DDOS started at 11:10 Coordinated Universal Time (UTC) , or 7:10 EDT, and mostly affected its customers in the East Coast of the United States, specifically Managed DNS customers. At that time, it simply was not very clear who and what really was behind this DDoS attack, but company officials said their engineers were working on “mitigating” their issues.

This massive outage drew the attention of Department of Homeland Security (DHS) and the FBI which stated they were “investigating all potential causes” of the attack. View top daily DDoS attacks worldwide: digitalattackmap.com.

Keywords: botnet, Cyber, cybersecurity, DDoS, DNS, Mirai

—Sources: thehackernews.com, Ycombinator
by Swati Khandelwal
Cover photo: Norse