Outage map via downdetector.com
The internet broke on Friday. Or at least, a large, very popular portion of it did.
Hundreds of popular sites including Twitter, Netflix, and CNN have faced intermittent issues and outages following an ongoing Distributed Denial of Service (DDoS) attack on New Hampshire-based Managed DNS provider Dyn.
In a series of statements, Dyn said that it first became aware of the attack around 7:00 a.m. EST Friday morning and that its services were restored roughly two hours later. Two hours after that, the company said it was working to mitigate another attack. The DDoS incident was finally resolved at 10:17 PM Friday night.
Notable sites knocked offline by the attack include:
Box
CNN
Etsy
Github
Grubhub
Guardian.co.uk
HBO Now
Imgur
Okta
Paypal
Playstation Network
ReCode
Spotify
Urbandictionary.com
Wired
Zoho CRM
Netflix
Fox News
NHL.com
According to researchers at Flashpoint, the massive DDoS attack was the product of Mirai, a malware that co-opts vulnerable “Internet of Things” (IoT) devices such as CCTV cameras, webcams, DVRs, printers, and more.
Flashpoint researchers found that the botnet used in Friday’s attacks was made up of DVRS and web-connected cameras made by a Chinese company called XiongMai Technologies.
After that revelation, Xiongmai announced a recall of some its products sold in the US and promised stronger password functions and a patch for products made before April last year.
A group called New World Hackers has claimed responsibility for the attack, which they called a “capabilities test,” but the claim has not been independently verified. The New World Hackers group is known for knocking the BBC offline last year.
As of yet, the true intentions of the attack are unknown—it could be a capabilities test for taking down the internet, as indicated by New World Hackers, but as noted by Paul Mazzucco, TierPoint CSO and Solutions Reviews contributor, DDoS attacks are often deployed as smokescreens, intended to provider rover for a more serious breach or theft of data.
“About one-third of all DDoS attacks are multi-vector attacks that include more subtle invasions that never cross the IT security radar until it’s too late,” said Mazzucco.
The U.S. Department of Homeland Security is monitoring the situation, White House spokesman Josh Earnest told reporters Friday, but has not released any information on who may have been behind the attack.
Jeff Edwards
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
- Six Endpoint Security Vendors to Watch in 2018 - November 28, 2017
- Bitdefender Releases Cloud-Based Endpoint Detection and Response Tool - November 13, 2017
- CrowdStrike Adds Vulnerability Management Module to It’s Endpoint Protection Platform - November 10, 2017
