Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    sales and data analytics
    How Data Analytics Improves Lead Management and Sales Results
    9 Min Read
    data analytics and truck accident claims
    How Data Analytics Reduces Truck Accidents and Speeds Up Claims
    7 Min Read
    predictive analytics for interior designers
    Interior Designers Boost Profits with Predictive Analytics
    8 Min Read
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: Massive DDoS attack spotlights internet choke point
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > IT > Cloud Computing > Massive DDoS attack spotlights internet choke point
AnalyticsCloud ComputingITPolicy and GovernanceSecurity

Massive DDoS attack spotlights internet choke point

CIO Dive
CIO Dive
7 Min Read
Image
SHARE

Image

Contents
A single point of failureMotives unknown

Friday’s mass DDoS attack against a DNS provider spotlights a long-standing weakness in how traffic moves across the internet. 

Image

More Read

Big Data - Bruno Aziza
5 Steps To Winning with Analytics: Have a plan
The IT Project Process: 4 Steps to Better Technology
7 Enterprise Applications for Companies Using Cloud Technology
Saving Money and Lives With Predictive Maintenance
5 Applications of Predictive Analytics

Friday’s mass DDoS attack against a DNS provider spotlights a long-standing weakness in how traffic moves across the internet. 

Internet services were interrupted several times Friday following a mass DDoS attack that caused disruptions of Netflix, Twitter, Spotify, SoundCloud, GitHub and Reddit, to name a few.

Both the Department of Homeland Security and the Federal Bureau of Investigation are looking into the attack, officials told Reuters. Much is unknown, but right now experts say the DDoS attack primarily hit Boston-based DNS provider Dyn.

Carl Herberger, vice president of security solutions at Radware, believes the attack was actually directed at one or more of Dyn’s customers, which in turn impacted Dyn and cascaded down to interrupt service for customers.

“Because of the way that the internet is built, that means that anybody that was resolving their domain name and was using Dyn DNS as an Authoritative DNS server, then they became instantly unavailable on the internet,” Herberger said.

Basically, there were fewer intended targets, but collaterally the hosting provider went down, which caused cascading damage to other companies.

Of those impacted by the DDoS attack, “the only common thread is it’s all kind of Netflix and Chill type stuff,” said Dimitri Sirota, CEO of BigID. “Taking down SoundCloud and Spotify and [a few] shopping sites, I don’t know who’s going to be impacted, especially on a Friday.”

A single point of failure

DNS providers are essentially soft targets because of the number of companies that rely on them and the very nature of their service makes them hard to secure. 

“This is a great place where people can attack — a single point of failure on the internet — and it can take down a lot of companies,” Herberger said.  “They have to receive users who they don’t know, because that’s the way the system works. They can’t really judge the validity of these users very easily.”

An Authoritative DNS manages domain names, availability, and resiliency. The service is also lower-cost, feature-rich and typically more secure.

There are only a few core service providers in terms of market share — numbering in the 10s, not the hundreds. “They resolve most of the world’s company’s IP addresses,” Herberger said. “This is just the way things work today.”

DNS providers have worked to innovate, developing tech to improve both performance and security. But, in turn, the sophistication of DDoS attacks have increased, both in terms of frequency and volume, according to Sirota.

The rise of these attacks was likely, particularly because of the ROI. By automating the process using bots, DDoS attacks take very little effort but can cause companies significant damage, particularly to reputations.

A SecureWorks underground hacking market analysis from earlier this year found weeklong DDoS attacks cost the attacker between $200 and $555. But those organizations suffering an attack? They could lose $100,000 or more per hour in a peak-time DDoS related outage, according to a Neustar survey.

DDoS attacks can also be difficult to defend against, because humans are tasked with fighting “automated and botted” attacks, according to Herberger.

“Humans will never catch this, at this moment. They’re not fast enough,” Herberger said. “By the time they figure out what happened, it’s already done and gone. What really has to happen, is the protection’s really have to become automated.”

Motives unknown

The Dyn DDoS attack comes at a time when security sensitivity is heightened because of concerns over election cybersecurity. Experts will investigate the attack in the days and weeks to come, particularly looking for a thread that connects the Dyn attack to other incidents.

The big question hovering over the incident is why go after a DNS provider that supports sites popular with millennials, according to Sirota.“People aren’t just trying to make millennials life a little bit hard. There must be some alternative.”

DDoS attacks can serve as cover for other malicious actions. It is also possible that the attack was an experiment used to test a new mode of attack.

“Is the intention to just try out a new way of hijacking unattended devices, like TV monitors and turn them into zombies that drive traffic? Is the intention to use the attack as a distraction so that these companies like Shopify aren’t necessarily paying attention to other parts of their infrastructure? It’s hard to say,” Sirota said.  

With such a massive attack, companies will likely start paying more attention to their DNS providers, to ensure those organizations have resiliency plans in place. Right now, there is no standard checklist for suppliers to articulate what levels of security they meet.

“People are starting to see how fragile really a lot of these conveniences that we’ve come to know and love are,” Herberger said. “A lot of these security concerns are very valid and it’s playing out.”

DNS providers traditionally operate on very low margins and offer a commoditized service, where people don’t spend a lot of money. Because of that, people tend to not check into security, focusing at most on what’s in the service level agreements companies sign with the providers.

To prevent against this, someone has to ensure that protections are put in place. For example, the government could mandate certain critical infrastructure protections be kept in place to make sure the internet keeps up and running, according to Herberger.


This post originally appeared on our sister publication, CIO Dive. Our mission is to provide busy professionals like you with a bird’s-eye-view of the Information Technology industry in 60 seconds. To subscribe to our daily newsletter click here.

Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

sales and data analytics
How Data Analytics Improves Lead Management and Sales Results
Analytics Big Data Exclusive
ai in marketing
How AI and Smart Platforms Improve Email Marketing
Artificial Intelligence Exclusive Marketing
AI Document Verification for Legal Firms: Importance & Top Tools
AI Document Verification for Legal Firms: Importance & Top Tools
Artificial Intelligence Exclusive
AI supply chain
AI Tools Are Strengthening Global Supply Chains
Artificial Intelligence Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

Bridging the Communications Gap Between Utilities and Consumers

6 Min Read

Socializing

14 Min Read
data governance
Data ManagementPolicy and Governance

The Data Governance Insider – Year in Review

3 Min Read

OllieBray.com: Microsoft Bing Maps augmented reality demo at the TED 2010

1 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence
ai chatbot
The Art of Conversation: Enhancing Chatbots with Advanced AI Prompts
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?