[1:28pm Pacific / 4:28pm EST Update: According to Time Magazine Deputy Tech Editor Alex Fitzpatrick, there is now a third DDoS attack underway targeting Dyn – this from 7 minutes ago. According to Alex, Dyn have also confirmed that the Mirai Botnet is responsible “in part” for today’s DDoS attacks]
[Updated again 1:07pm with mainstream coverage including Time saying DHS is investigating. Also that WordCamp ticket sales were affected.]
[This post updated at 12:18pm Pacific time with a few additional ways in which WP publishers may be affected]
DNS provider DynDNS, also known as Dyn.com, is currently under a very aggressive DDoS attack. If you use them for your website DNS, you have probably experienced outages today.
You can get status updates from DynDNS themselves here and also on Twitter.
This attack affects any website or online service that uses Dyn.com for DNS resolution. So far this attack has affected:
- WordCamp ticket sales were affected earlier today, according to the WP Slack #community-team channel.
And many other large, well-known brands.
This attack may affect your website shopping cart checkout if you use a service provider who has been affected by the attack. It may also affect other features or services you provide to customers that rely on being able to contact a site affected by the attack. [Updated at 12:18pm Pacific Time] These may include:
- Social media integration. Twitter was not available earlier today, and if its API becomes unavailable, it may affect certain pages loading and may affect users’ ability to share posts.
- Backups. If your backups are stored off-server on an external domain, make sure that domain stays accessible or backups may not be copied over.
- Checkout. Already mentioned, but if your payment processor goes offline, it will stall all transactions on your site and may even make certain pages inaccessible. PayPal has been affected by this but appears to be back.
If you are affected by this attack, you should consider setting up another DNS provider as your secondary DNS or temporarily moving all DNS to another provider. This appears to be what Amazon has done to mitigate the attack. You will need to exactly duplicate your DNS configuration on the new provider before making it the authoritative DNS for your domain, and this may take some time. The transfer may take up to 48 hours, by which time this may all be over.
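One way to check that the new provider's zone duplicates the existing one before you change delegation, as an added example that is not part of the original post: it compares two zone exports and reports records that are missing, extra, or carry a different TTL. The function names and the example.com zone data are constructed for illustration, and it assumes one record per line with fully qualified hostnames in record data.

```python
import re
# owner [ttl] [IN] type rdata, one record per line (no multi-line parentheses)
RR = re.compile(r"^([^\s;$]\S*)\s+(?:(\d+)\s+)?(?:IN\s+)?([A-Z][A-Z0-9]*)\s+(.+)$", re.I)
NAME_RDATA = {"CNAME", "MX", "NS"}  # hostname rdata compares case-insensitively

def fqdn(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    origin, name = origin.lower().rstrip(".") + ".", name.lower()
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {(owner, type, rdata): ttl} from a simple zone export."""
    records, default_ttl = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.upper().startswith("$TTL"):
            default_ttl = int(line.split()[1])
        m = RR.match(line)
        if not m:
            continue
        owner, ttl, rtype, rdata = m.groups()
        owner, rtype, rdata = fqdn(owner, origin), rtype.upper(), " ".join(rdata.split())
        # Assumption: SOA and apex NS are managed per provider; review separately.
        if rtype == "SOA" or (rtype == "NS" and owner == fqdn("@", origin)):
            continue
        if rtype in NAME_RDATA:
            rdata = rdata.lower()
        records[(owner, rtype, rdata)] = int(ttl) if ttl else default_ttl
    return records

def diff_zones(primary, secondary):
    """Return (missing on secondary, extra on secondary, TTL mismatches)."""
    a, b = set(primary), set(secondary)
    return sorted(a - b), sorted(b - a), sorted(k for k in a & b if primary[k] != secondary[k])

# Constructed sample exports for example.com (RFC 5737 documentation address).
PRIMARY = """$TTL 3600
@    IN A     192.0.2.10
www  300 IN CNAME example.com.
@    IN MX    10 mail.example.com.
@    IN TXT   "v=spf1 mx -all"
"""
SECONDARY = """$TTL 3600
example.com.     IN A     192.0.2.10
www.example.com. 3600 IN CNAME Example.com.
example.com.     IN MX    10 mail.example.com.
"""
MISSING, EXTRA, TTL_DIFF = diff_zones(parse_zone(PRIMARY, "example.com"),
                                      parse_zone(SECONDARY, "example.com"))
print("missing:", MISSING, "extra:", EXTRA, "ttl differs:", TTL_DIFF)
```

In the constructed data the secondary lacks the SPF TXT record, the kind of omission that only shows up as mail delivery problems after the switch.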
According to Dyn’s technical updates, the attack appears to target Dyn’s infrastructure. They are working continuously to mitigate the attack. You can watch BGP routes change as Dyn tries to mitigate the attack.
Last Friday the source code for the Mirai malware, which powers a very large (greater than 1 million) Internet of Things botnet, was released to the general public. According to Brian Krebs, this “virtually guarantees that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices”. Today’s large-scale attack may be related to the Mirai source code release.
DownDetector is showing many major brands are having trouble today.
Bloomberg has a theory that this may be a retaliatory attack against DynDNS.
Threatpost is reporting that the number of Mirai botnet-infected devices has doubled since the source code release a week ago.
Gizmodo is reporting this as the beginning of a bleak future.
And one of my favorite reads this week related to this story: Bruce Schneier, with a theory that attacks like this are a nation state probing to assess defensive capability.
This has now hit mainstream news in USA Today and many other publications, and Time Magazine is reporting that the Department of Homeland Security is investigating.