Saturday, October 22, 2016

A massive DDoS attack shakes the US web – JDN

One of the leading American providers of domain name resolution was the victim of a massive denial-of-service attack on 21 October. Access to the sites of several of its large customers was affected for several hours.

The US domain name resolution (DNS) service provider Dyn was the victim of a large distributed denial-of-service (DDoS) attack on 21 October. It led to access problems for some major websites among its customers, including Reddit, Twitter, Spotify, Airbnb, GitHub, Paypal and eBay. Several media sites were also affected, such as those of CNN, the New York Times and the Wall Street Journal. Some of the affected sites recorded abnormally long latency or even complete downtime, including from Europe. The editorial team of the TD (based in Paris) observed unusually long access times to Twitter on Friday afternoon (pages could take several tens of seconds to display).

Targeting DNS to take down the biggest sites

“The attack has affected mainly the East Coast of the United States and the customers of our DNS service in this region,” says Dyn on its site. In the late afternoon, the company reported that its service was the subject of a second wave of attacks, and then a third, and stated that it was still analyzing the problem and seeking solutions. In the early evening, the outage-mapping service DownDetector still showed failures on the Level3 network, mainly located in the United States (see capture below).

A little after midnight on Saturday morning, Dyn said it had solved the problem.

A network of zombie connected objects

To achieve their goal, the attackers used hundreds of thousands of connected objects previously infected by a virus: a network of IoT zombies that they were able to exploit to launch billions of queries at the DNS in order to make it stop working (this is the principle of denial of service). Which connected objects were targeted here? They include webcams and video broadcasting or recording devices… The malicious code Mirai was used by the hackers to divert them from their usual purpose.

“DNS is a protocol particularly targeted by pirates because of the relative simplicity of forging powerful attacks and the damage caused. Targeting a specific DNS provider, such as Dyn, can also disrupt a broader range of targets,” said Vincent Lavergne of security software vendor F5 Networks. “Pirates have recently used this approach in several high-level attacks. An IoT botnet based on the Mirai virus was already used earlier this month in France against OVH. It was also one of the largest DDoS attacks ever recorded.”
