US authorities are now investigating the DDoS attacks (there were three, but the last one was easily mitigated), which reportedly affected websites and services such as Amazon, Twitter, Netflix, Spotify, PayPal, Airbnb, Reddit, Tumblr, GitHub, and the New York Times, and spiked DNS connection times for sites around the world.
In response to the first attack on Dyn servers on the US East Coast, which started at approximately 7:00am ET, Scott Hilton, executive vice president of products at Dyn, said in an email statement to Capacity: “Dyn received a global DDoS attack on our Managed DNS infrastructure in the east coast of the United States. DNS traffic resolved from east coast name server locations are experiencing a service degradation or intermittent interruption during this time.”
Dyn’s NOC team was able to mitigate the attack and restore services to customers approximately two hours later. “After restoring services, Dyn experienced a second wave of attacks just before noon ET. This second wave was more global in nature (i.e. not limited to our East Coast PoPs), but was mitigated in just over an hour; service was restored at approximately 1:00pm ET,” Kyle York, chief strategy officer at Dyn, said in a statement on Saturday.
WikiLeaks tweeted on Friday:
Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point. pic.twitter.com/XVch196xyL — WikiLeaks (@wikileaks) October 21, 2016
York added: “At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion.
“The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Dyn published a number of updates about the attacks, which were caused by Mirai malware, a DDoS Trojan which targets Linux systems and, in particular, IoT devices. It uses malware from phishing emails to infect computer or home networks initially, then spreads the virus to various devices to create a robot network.
The attack comes amid heightened cybersecurity fears and a rising number of internet security breaches. What’s disturbing is that this DDoS attack was not only capable of taking down major portions of the internet, causing intolerable latency rates, but also took down one of the most authoritative domain name system (DNS) providers in the market.
CNBC reports that the Department of Homeland Security is examining the potential causes, adding that a state-sponsored or a directed attack is thought to have been ruled out. However, it seems a group called 'New World Hackers', which claimed it was behind a DDoS attack on the BBC earlier this year, has declared responsibility for the massive cyberattack via Twitter:
Just having a little fun. Annual power test! #NwHackers — New World Hackers (@NewWorldHacking) October 21, 2016
Earlier this month, a number of reports warned that a hacker had publicly released the Mirai IoT botnet source code. The hacker, known only as 'Anna-senpai', released the source code online, along with a tutorial, with many stating it could mark the beginning of a wave of high-powered IoT botnet DDoS attacks. What’s brutally clear is that breaches in the IoT space are on the up, and guidance and regulations for IoT device security are needed now more than ever.