Dyn DDoS attack: Industry reaction and analysis

At the end of last week the big news was that DNS provider Dyn was hit by a huge Distributed Denial of Service (DDoS) attack, affecting several big-name websites including Twitter and Netflix.

With the news still being a hot topic of conversation, various industry professionals have offered their reaction and analysis.

Chris Sullivan, General Manager of Intelligence/Analytics at Core Security Inc:

“This outage appears to have resulted from a new breed of very high volume DDoS, or denial-of-service attacks, that will be difficult to handle with the defenses that most enterprises have in place today.

"The really frightening part of this is not that we will be struggling with these new attacks for some time, but that the underlying weakness which makes them successful can and will be used to unleash more serious attacks that steal credit cards and weapons designs, manipulate processes like the SWIFT global funds transfers, and even destroy physical things like the 30,000 PCs at Saudi Aramco.

"Ultra-large IoT botnets are instructed to make so many superfluous requests of the target that legitimate requests cannot get through. No real damage is done but service is denied for legitimate users. Maybe you can’t get to Twitter for an hour. But these same devices also have access to what we think are highly secured corporate, nation state and defense networks. They can be used to launch attacks on those networks from the inside where all of the next-generation firewalls, intrusion prevention and user-based analytics tools won’t even see them.

"Companies should move immediately to get control of this situation both to protect themselves and because, in the wake of these new high profile events, it’s likely to be mandated by new law. What is required now is the deployment of systems that don’t try to control the IoT devices but rather watch and learn how they behave so that we can identify malicious activity and isolate them when necessary.”

Jeremiah Grossman, Chief of Security Strategy at SentinelOne:

"Because DNS is vital to every person, business and website across the entire internet for system stability and performance, online businesses commonly outsource DNS management to third-party providers who have better and more reliable infrastructures to operate on behalf of their customers.

"Historically, this has worked to everyone's benefit. However, what we're now seeing is that in light of the way the infrastructure works in the security landscape, they are attractive targets for large-scale DDoS attacks - because if you take out one of these DNS service providers, you can disrupt a large number of popular online services, which is exactly what we're seeing today.

"Given the drastic increase lately in the size and scope of DDoS attacks, DNS providers are scrambling to increase bandwidth capacity to withstand the latest attacks. That's why we have these providers - they do it so that the rest of us that use them don't have to incur the cost of doing so."

Mike Hanley, Director at Duo Labs:

“This is analogous to ransomware attacks in the healthcare sector in a number of ways - attackers use attacks that are relatively cheap and most likely to force payment of ransom (or force some other change in the victim's behaviour) in exchange for ceasing the attack.

"In more traditional hospital ransomware attacks, attacks are successful because devices are often relatively less secure and the victims cannot tolerate outages of systems used to provide life-saving services. In this case, attackers are leveraging the low cost of subverting poorly secured IoT devices (connected cameras, etc.) at scale and hammering their targets with traffic rates we've not previously seen before.

"Attacks on DNS providers are particularly damaging given that DNS is so critical to how we navigate the Internet today. This is part of the cost to the security of the Internet when devices are shipped to millions of consumers after little or no attention to security during their development and no promise for timely delivery of security updates.”

Dr. Chase Cunningham, Networks Director of Cyber Operations, A10 Networks:

“This is a new spin on an old attack, as the bad guys are finding new and innovative ways to cause further discontent. It was an interesting point to see that the bad guys are moving upstream for DDoS attacks on the DNS providers, instead of just against sites or applications.

“Threat actors are leveraging unsecure IoT devices to launch some of history’s largest DDoS attacks. The immediate solution is for manufacturers to eliminate the use of default or easy passwords to access and manage smart or connected devices.

"Consumer adoption will be tricky, but this change is critical for the greater security of all. This will hinder many of the global botnets that are created and deployed for malicious use.” 
