Dyn hit by massive DNS DDoS, Eastern U.S. bears brunt of attacks

At least two DNS DDoS attacks on Dyn are disrupting access to many popular websites; users and companies in the Eastern U.S. are affected.

In the latest high-profile DDoS incident, DNS provider Dyn, Inc., reported an ongoing attack that is impacting operations on the U.S. East Coast, with many popular sites reported to be affected, including Twitter, Reddit, Spotify, GitHub and the New York Times.

The DNS DDoS attack started early on Friday morning, though Dyn reported that normal services had been restored by 13:20 UTC (9:20 am EDT), with another DDoS attack detected approximately two and a half hours after that.

Dyn's initial incident report read: "Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available." An hour after the second attack was detected, Dyn updated its incident report to state, "This DDoS attack may also be impacting Dyn Managed DNS advanced services with possible delays in monitoring."

Reaction to the initial attack was swift, although an hour after the second attack started Dyn reported it was responding to "several" simultaneous attacks.

Further conversation about the attack continued on Twitter, though in the hours following the start of the second wave some of the conversation was hampered by the ongoing attack.

"What causes me to pause and reflect most in regards to this breaking news is that Dyn DNS is a DNS SaaS provider. Its core job is to host and manage DNS services for its clients," Paul Calatayud, CTO of FireMon told SearchSecurity by email. "The impact and harm has a ripple effect attributed to the various clients Dyn services. As attackers evaluate their targets, and organizations run to the proverbial cloud for various reasons, it introduces interesting targets for the bad guys."

It's unclear who or what is behind the DNS DDoS attack on Dyn, though the incident follows similar recent attacks that leveraged compromised IoT devices. Jason Dixon, vice president for product strategy at New York City-based open source monitoring company Raintank, blamed IoT botnets for the outage.

Last month, Bruce Schneier wrote about unknown threat actors who have been "probing the defenses of the companies that run critical pieces of the Internet" in a piece published on the Lawfare blog, which in turn suggested that this morning's attack may be linked.

Software engineer and tech blogger Ben Dickson also blamed IoT botnets in a tweet.

And Jeremiah Grossman, chief of security strategy at SentinelOne, suggested that the emergence of the Mirai botnet was a preview of things to come.
