View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
October 21, 2016updated 28 Oct 2016 2:22pm

Twitter, Reddit and Spotify hit in massive Dyn DDoS attack

Dyn DDoS attack continued for just over two hours before services were restored.

By Alexander Sword

Major sites such as Twitter, Reddit and Spotify were disrupted today as the hosting provider Dyn was hit by a large-scale DDoS attack.

Starting at 11:10 AM UTC (12:10 PM BST), the DDoS hit the Dyn Managed DNS infrastructure.

Dyn began to monitor and mitigate the attack, saying in a statement that “some customers may experience increased DNS query latency and delayed zone propagation during this time.”

Dyn confirmed that services had been restored to normal as of 13:20 UTC (14:20 BST).

The attack mainly impacted customers in the US East region.

DDoS attacks have been prominent in the news recently. Security blogger Brian Kreb’s site KrebsOnSecurity was hit in one of the largest DDoS attacks of all time in September, peaking at 620 Gbps.


Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Dyn could potentially fit into a pattern of attacks on hosting providers.

OVH, a hosting provider and DDoS mitigation service, was also targeted in a DDoS attack in September, with the combined brunt of the attack apparently amounting to around 1.1 Tbps.

According to OVH’s founder, posting on Twitter, the combined brunt of the attack amounted to around 1.1 Tbps – dwarfing the Krebs attack mere days later. He later commented that over 150,000 CCTV cameras participated in the DDoS during the 48-hour period.

Bruce Schneier, CTO of Resilient, recently warned that several internet companies, unnamed, had been hit by DDoS attacks which had started at a certain point and then been steadily ramped up before stopping. The attack would later resume at a higher point and continue.

Schneier suggested that a major nation state was behind this activity and that it could be calibrating its tools for a potential cyber war.

Corero CTO Dave Larson commented on the attack, saying:

“DDoS attacks targeted specifically against Domain Name Service Providers can be especially damaging – not only for the intended victim – but from the perspective that there will also be significant collateral damage.

“A DDoS attack, regardless of the vector or technique utilised, against a DNS operator targeting a domain or group of domains can effectively shut down service to that domain, as well as any other domains serviced in a particular region.

“DNS providers are central to the operation of the Internet and must consider DDoS attacks as a critical availability issue and maintain automated mitigation techniques in order to protect their customers from this breed of attack.”

Topics in this article : , ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.