Reports: Cyberattack Spurs Widespread Internet Outage On East Coast
Internet performance management company Dyn was reportedly hit by a cyberattack, prompting widespread internet outages that reverberated across the East Coast on Friday morning, according to a post on website Hacker News.
Dyn, based in Manchester, N.H., said its server infrastructure was the target of a distributed denial-of-service attack (DDoS) that specifically impacted its Managed Domain Name Servers (DNS) customers.
In the meantime, a slew of popular websites that rely on Dyn's traffic management and optimization services were either down or were experiencing issues, including Twitter, Spotify and Github.
[Related: Akamai CSO: DDoS Attacks 'Absolutely' Rising]
Dyn took to Twitter on Friday morning to acknowledge the massive service disruption for users that were able to access the social media site.
On its site, Dyn said: "Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time."
The company also informed users via Twitter that its DNS services had been returned to normal operation as of 9:36 am ET. Dyn said it is still investigating the source of the attack.
In addition to the websites that were experiencing downtime, internet service providers on the East Coast also addressed the outage.
Cable company Comcast commented Friday morning that the known DNS issues were resolving, and that its engineers are "closely monitoring this external issue."
After Dyn noted that services had been restored, telecom provider Level 3 tweeted: "Per our global SOC: The Level 3 network is operating normally. Please note, reports of an outage by Downdetector are not accurate."
Friday Morning's DDoS attack on Dyn comes as security pundits express concern that these attacks are growing more powerful and easier to accomplish. Several high-profile hacks, including the cyberattack against investigative journalist and security researcher Brian Krebs, have highlighted the significance of DDoS attacks, said John Pironti, security consultant and president of IP Architects, LLC, a Rowley, Mass.-based risk management and consulting services provider.
The reason why these attacks are becoming easier to pull off is that hackers can use unsecured Internet of Things (IoT) devices to carry out a DDoS attack, rather than buy space from a cloud provider and compromise its servers, Pironti said.
"The barrier of entry for DDoS attacks was getting to be a little expensive, but now, there's been code released into the wild that shows people how to take things like DVRs and cameras to create sources for an attack," he said.
The sustained attack on Krebs that was carried out last month was completed using connected cameras and other smart devices.
"DDoS attacks are Old Faithful attacks -- there's nothing special about them," Pironti said. "It's just that the cost of entry has gotten much lower … now that the code is out there, we are going to see more and more of these attacks, and no one is immune to this because all [hackers] are doing is filling up pipes."