The Distributed Denial of Service (DDoS) attack that hit DNS provider Dyn Friday was a sophisticated, highly distributed attack involving "10s of millions of IP addresses," the company said in a statement over the weekend.
The attack, which came in three waves, disrupted service for many users trying to reach Twitter, Etsy, Github, Spotify, Reddit, Netflix and SoundCloud, among others, throughout the day on Friday. However, at no point did the company experience a full, system-wide outage.
The Mirai botnet appears to have been one source of the traffic in the DDoS attack, according to analysis from Flashpoint and Akamai.
"While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different," said Kyle York, Dyn’s Chief Strategy Officer. The company is now conducting a "thorough root cause and forensic analysis, and will report what we know in a responsible fashion."
It took the Dyn NOC team about two hours to mitigate the first attack and restore service to customers. The second attack was resolved in about an hour, and Dyn successfully defended against the third wave of attack without customer impact. Many companies, however, experienced latency throughout the afternoon.
DDoS attacks involving botnets appear to be on the rise. Last month, French hosting firm OVH was hit with two concurrent DDoS attacks attributed to botnets made up of 145,607 compromised IoT devices.
A DDoS attack stemming from compromised IoT devices shows the advanced capabilities malicious actors have when targeting networks. Ensuring the devices remain secure could help stop such large-scale attacks from taking place. But, to prevent insecure devices, companies will have to bake in security measures rather than adding it on later as an afterthought.
For those organizations using service providers, the attack is also a lesson in redundancy. Companies using more than one service provider have the chance to have few disruptions in the event of cyberattacks.