Last Friday, a major cyber attack took down some of the world’s biggest websites. PayPal, Twitter, Reddit, eBay, Netflix, Spotify, GitHub, SoundCloud, and the PlayStation Network are all reported to have been affected by the attack.
Naughty cyber criminals launched a distributed denial of service (DDoS) attack on Dyn, a New Hampshire-based Internet performance management company, in the evening of Friday 24 October.
Because Dyn works with a huge number of websites - and provides domain name servers for even more - the effects of the attack spread to them as well. Most experienced intermittent outage, and some users found themselves unable to use the internet at all.
Dyn posted a detailed breakdown of how the attack went down, noting that while DDoS attacks aren't uncommon for the company and the sites it works with, this attack was "different".
"At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses," chief strategy officer Kyle York said. "We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations."
In a DDoS attack, hackers harness loads of internet-connected devices and make them all ping a server continually at the same time, causing the server to overload. Hijacking "10s of millions" of IP addresses to do this is off the scale, compared to similar attacks.
Web security expert Lawrence Orans said: "An attack of this magnitude can't be executed by a kid in his bedroom. It's more sophisticated than that. A nation state would be a prime suspect."
Robert Page of security testing company Redscan disagreed, however. He said: "The relative ease at which the attacks are executed suggests that the perpetrators are most likely teenagers looking to cause mischief rather than malicious state-sponsored attackers."
Dyn is still in the midst of investigating what happened and says it'll keep us all updated on its progress.
Source: Independent | Telegraph