The Big, Bad Bot Problem Q1 2019 Report is Published. Download Now

Dyn DNS attack: What it means for services routed through DNS

October 26, 2016 | All Automated Threats Bot Prevention Technologies

Just a couple of days ago, a majority of the websites along the US East Coast and West Coast were inaccessible due to a major DDoS attack on Dyn. Dyn provides managed DNS infrastructure services to several popular websites. During the attack, users of Twitter, Netflix, SoundCloud, Reddit, etc., faced delays or downtime, attributed to the DDoS attack.

DNS resolves the human-readable domain name in a URL to the IP address of the server that provides the web page or service to the end-user (like you or me). Generally, when we think of DDoS attacks, we think of the single business taken down by the attack. A recent example is the DDoS attack on Sony PlayStation™Network (PSN) by a hacking group called Phantom Squad. Though the group behind the attack made no financial demands, PSN went offline for thousands of users trying to access it.

However, last week’s Dyn DNS DDoS attack was different and well planned to impact thousands of businesses and millions of users, using compromised IoT devices.

A managed DNS provider like Dyn, which sits at the top of the ISP stack, has many customers that in turn provide name server services to thousands of end-users. For example, a Dyn-dependent CDN provider serving hundreds of online businesses would have been impacted when Dyn was hit. There will be thousands of such providers using the managed DNS service. This means that, while Dyn was being attacked, all the online businesses tied to these service providers would have experienced latency and downtime, costing them thousands of dollars an hour.

During the attack – Who’s impacted?

If you are an eCommerce business owner, your users would have been unable to add items to the cart, or would have been left hanging mid-way through a transaction, because the page just wouldn’t load due to high latency. If you run a ticket booking website, your users wouldn’t have been able to search for flights or hotel availability. If you have a news site with thousands of visitors per hour, you’d have lost thousands of dollars in ad revenues.

In short, your online business would have faced downtime or latency, affecting your customers directly. It’s Dyn today. It could be OpenDNS tomorrow. For online businesses, let’s ponder over what we learnt from this attack, and if there’s a chance of avoiding downtime or high latency when this happens again, tomorrow.

Learnings for online businesses

Many online businesses depend on cloud infrastructure and service providers. When you choose a service provider (for marketing analytics, bot prevention, content caching, and so on), make sure you consider the points below:

  1. Understand what disaster recovery mechanism the service provider follows to make sure your business doesn’t get affected during DDoS attacks
  2. Analyze the service provider’s architecture
  3. Get to know if they have external dependencies (for example, 3rd-party DNS providers). If so, what are their alternatives when one of them goes down?
  4. Do some research to understand who these 3rd-party vendors are, how credible they are, and how they may impact your website’s security

Wherever feasible, integrating with a provider through an API call, instead of a DNS-based approach, will give online businesses more flexibility when DDoS attacks like these happen. This way, with a timeout on the call, you can ensure that your services are not affected if something happens to your provider.
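The API-with-timeout integration described above could look like the following added sketch, which is not code from ShieldSquare or any provider. `ProviderGuard`, `slow_provider` and the "allow"/"block" answers are hypothetical names; the deadline covers the whole call because, in Python, a socket timeout does not bound the DNS lookup of the provider's hostname.

```python
import concurrent.futures
import time


class ProviderGuard:
    """Hard deadline + default answer + circuit breaker around a third-party call."""

    def __init__(self, call, timeout_s=0.2, default="allow",
                 max_failures=3, cooldown_s=30.0, clock=time.monotonic):
        self.call = call                # function that talks to the provider's API
        self.timeout_s = timeout_s      # total budget per lookup, DNS resolution included
        self.default = default          # answer used when the provider cannot be reached
        self.max_failures = max_failures
        self.cooldown_s = cooldown_s
        self.clock = clock
        self.failures = 0
        self.open_until = float("-inf")
        self._pool = concurrent.futures.ThreadPoolExecutor(max_workers=4)

    def verdict(self, request_info):
        """Return (answer, source); waits at most timeout_s for the provider."""
        now = self.clock()
        if now < self.open_until:
            # Circuit open: skip the provider entirely while it is known to be down.
            return self.default, "circuit-open"
        future = self._pool.submit(self.call, request_info)
        try:
            # The deadline applies to the whole call, not only to socket reads.
            answer = future.result(timeout=self.timeout_s)
        except Exception:               # timeout, DNS failure, connection error
            future.cancel()
            self.failures += 1
            if self.failures >= self.max_failures:
                self.open_until = now + self.cooldown_s
                self.failures = 0
            return self.default, "provider-unavailable"
        self.failures = 0
        return answer, "provider"


def slow_provider(request_info):
    """Constructed stand-in for a provider whose lookup hangs during an outage."""
    time.sleep(0.3)
    return "block"


if __name__ == "__main__":
    guard = ProviderGuard(slow_provider, timeout_s=0.05)
    print(guard.verdict({"path": "/checkout"}))   # falls back to the default answer
```

The `default` value is a policy decision: "allow" keeps the site up during a provider outage but lets unvetted traffic through, while "block" does the opposite.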

Were you or your business affected by the recent DDoS attack? If yes, what changes do you want to bring about that could protect your online business from downtime?
