National Cybersecurity Awareness Month
Last October, the internet broke, or stuttered, depending on who you ask. One year later, those vulnerabilities remain and a year from now, connectivity will still be at the mercy of attackers.
DDoS attacks have become commonplace, but familiarity does not lessen their potential impact on businesses.
In a domain analysis of the top 100 U.S. websites — which includes companies like Netflix, Twitter, YouTube, Reddit, Amazon.com and Wikipedia — only 32 sites had DNS provider redundancy, according to Ron Winward, security evangelist at Radware.
Some companies did make changes, in some cases moving to a provider with a more robust network, but 68 of the top 100 websites still lack DNS provider redundancy.
If another larger-scale attack were to hit their service provider, many of the sites could go down once again.
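Checking whether a zone's authoritative name servers span more than one provider is easy to automate. The following is an added example, not code from the article or from Radware: it takes a zone's NS records (here a constructed sample standing in for the output of `dig +short NS example.com`) and groups the name servers by provider using an illustrative suffix table. The provider table, the sample zones and the helper names are all assumptions made for this example.

```python
"""Group a zone's NS records by DNS provider and flag zones that depend on a single one.

Added example, not code from the article or from Radware. The provider table and the
sample NS records are constructed for illustration; a real check would feed in the
answer to `dig +short NS <zone>` (or dnspython's dns.resolver.resolve(zone, "NS")).
"""
from collections import defaultdict

# Assumption: these substrings identify the hosting provider of a name server.
# Matched as substrings so one entry covers e.g. awsdns-NN.{com,net,org,co.uk}.
PROVIDER_PATTERNS = {
    "dynect.net": "Dyn",
    "awsdns-": "Route 53",
    "ns.cloudflare.com": "Cloudflare",
    "ultradns.": "UltraDNS",
    "nsone.net": "NS1",
    "akam.net": "Akamai",
}

# Constructed sample: what `dig +short NS` might return for three hypothetical zones.
SAMPLE_NS = {
    "single-provider.example": [
        "ns1.p23.dynect.net.", "ns2.p23.dynect.net.",
        "ns3.p23.dynect.net.", "ns4.p23.dynect.net.",
    ],
    "dual-provider.example": [
        "ns1.p23.dynect.net.", "ns2.p23.dynect.net.",
        "ns-1234.awsdns-12.org.", "ns-567.awsdns-34.co.uk.",
    ],
    "self-hosted.example": [
        "ns1.self-hosted.example.", "ns2.self-hosted.example.",
    ],
}


def provider_of(ns_host: str) -> str:
    """Return a provider label for one name server hostname."""
    host = ns_host.lower().rstrip(".")
    for pattern, provider in PROVIDER_PATTERNS.items():
        if pattern in host:
            return provider
    # Fallback for unknown operators: use the registrable domain (last two labels).
    # Simplification: ignores multi-label public suffixes such as co.uk.
    return ".".join(host.split(".")[-2:])


def dns_redundancy(ns_hosts):
    """Map provider label -> list of the zone's name servers hosted there."""
    by_provider = defaultdict(list)
    for host in ns_hosts:
        by_provider[provider_of(host)].append(host)
    return dict(by_provider)


def has_provider_redundancy(ns_hosts) -> bool:
    """True if the NS set is spread over at least two distinct providers."""
    return len(dns_redundancy(ns_hosts)) >= 2


def report(zones):
    """Return {zone: (redundant?, providers)} for a dict of zone -> NS records."""
    return {
        zone: (has_provider_redundancy(hosts), sorted(dns_redundancy(hosts)))
        for zone, hosts in zones.items()
    }


if __name__ == "__main__":
    for zone, (ok, providers) in report(SAMPLE_NS).items():
        status = "redundant" if ok else "SINGLE PROVIDER"
        print(f"{zone:28s} {status:16s} {', '.join(providers)}")
```

Two providers in the NS set is only a first check. The zone must actually be served, and kept in sync, by both (compare the SOA serial returned by each name server), and a stronger test resolves each name server to its addresses and confirms they sit in different networks rather than trusting hostnames.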
The massive DDoS attack on DNS provider Dyn disrupted connectivity to major sites like Netflix, Twitter, Spotify, GitHub and Reddit.
Dyn, now a part of Oracle, was hit by a Mirai botnet, which used "10s of millions of discrete IP addresses" to disrupt the service.
Though Dyn suffered in the attack, with more than 14,000 internet domains dropping its service in the aftermath, the DNS provider was likely not the true target.
Rather, the attackers highlighted a choke point in the internet: take down a shared service provider and one attack reaches every customer behind it. Dyn took the direct hit, but it was the customers relying on its service who stood to lose business and revenue.
But when DDoS attacks reach the scale of the one targeting Dyn, companies are left with little recourse for defense.
"There's only so much you can do with a DDoS attack to protect against it," said Adam Meyers, VP of Intelligence at CrowdStrike. "When you start talking about millions upon millions of nodes that are coming from all over the internet and sending traffic your way — blocking that becomes certainly a whack-a-mole type of game."
In response to the massive attack, security experts were quick to once again extol the virtues of redundancy measures — a best practice that experts have recommended for nearly two decades. But a year later, not much has changed.
What now?
Best-practice defense aside, the Dyn attack put the spotlight on IoT security. Gartner predicts more than 21 billion IoT devices will be used globally by 2020. But providers have been slow to change their approach to securing devices.
Whether it's a smart refrigerator or a smart toaster or a camera, people see IoT devices as "single-purpose embedded devices," said Meyers. People need to work to better secure them because "not only did the good guys and the defenders see the problems that Mirai exposed, but the bad guys saw that as a potential thing that they want to get into."
Attackers can create new tools using the Mirai botnet that "are better, faster, stronger," said Meyers. "If you do that, then you're going to be running the DDoS game."
In the last year, the prevalence of DDoS attacks has only increased. More than one-third of organizations faced DDoS attacks in 2017, compared to 17% in 2016, according to a recent Kaspersky Lab survey of more than 5,200 respondents. And many of those organizations said the attacks served as a smokescreen, used to cover other incidents that caused "severe financial and reputation damage."
While the Dyn incident may have brought DDoS attacks to mainstream attention, neither the attack nor its methodology was unique, and both will likely persist.
There is one curious thing that has changed since the Mirai botnet code was released, leading up to and following the Dyn attack.
"Since releasing that code to the public, the number of botnets has increased, but the quantity of enslaved devices in those botnets has dramatically decreased. It's basically because of infighting that happens for the bots," Winward said. "We have factioning of these armies of botnets. More people are fighting for resources and the pool of resources in each [botnet] army is smaller than it was a year ago."
Though botnets may get smaller, attackers don't need a botnet capable of 1.2 Tbps, the scale reported for the Dyn attack, to wreak havoc. In Winward's lab, he was able to use five IoT devices to take down a single, fairly high-end corporate firewall. "You don't need tens of thousands of bots in order to cause damage for somebody," he said.