DDoS vs DynDNS : the cyber attack that crippled American WEB giants | Informatorin blogista
This blog written by Gauthier was origanally posted on Informator’s blog on 26 October 2016.
You can find it here >
Security experts were unanimous: the Mirai botnets network had the capacity to massively disturb the majority of internet websites. Indeed, end of last week, it massively hit the DynDNS service, indirectly affecting thousands of american websites, for several hours.
DynDNS allows websites having dynamic IP addresses to only have a single URL, the company then taking care of providing the service redirecting the web user towards the right IP address.
On Friday night, the DynDNS service became victim of a harsh DDoS cyber attack from the Marai botnet network, which comprises of IoT devices such as IP security cameras and Routers/switches. Several major american players were affected, among which Netflix, Spotify, Twitter, Ebay and many others. In a nutshell, it is safe to say that all websites using DynDDS were affected, a share that was later estimated at just below 5% of the world wide web.
Mostly American web users got affected by those successive cyber attacks, even though a small share of Europeans also encountered difficulties while trying to log in to those services.
On Saturday, DynDNS published a blog post explaining the attack, and mentioning that the situation was now under control. Nevertheless, last Friday’s attack was very significant in terms of sophistication and complexity, not to mention the financial aspect of things. Indeed, Giants such as Paypal or Ebay are likely to have lost quite an amount of business during the downtime. Numbers are still to be communicated, if ever.
Do you feel the power?
No later than last Thursday, our trainer Erno Jeges was giving a presentation on secure coding. As part of our introduction, we spoke about the current situation with Botnets. While exchanging with some of the attendees, Erno mentioned how quickly a hacker, somewhere in the world, could assemble a “team” of 5,000 botnets. He then asked the audience : “Do you feel the power?”.Well, now, you know the power.Last October, a study revealed Mirai had around 213.000 infected machines. A few days ago, another study revealed that Mirai has over 500.000 infected machines.So, again… Do you feel the power?
What now?
Well, friends, the situation is dark. Due to the nature of the vulnerability (default credentials that the users might not always be able to change), more attacks can be expected in the following weeks since this whole mess will not be fixed by applying a single patch. In order for this to stop, the botnet network has to be stopped, somehow.This not all, however. Hackers started to sell access to a huge army of hacked IoT devices, so as to launch attacks capable of disrupting web connections. More information can be found here.
“It takes less time to do a thing right, than it does to explain why you did it wrong.” – Henry Wadsworth Longfellow
Gauthier