If you’re wondering why you had problems connecting to your favorite websites on October 21st, you should know that at approximately 7 am ET, Dyn, one of the largest Internet performance management companies, started to experience a DDoS attack. If you are not familiar with this term, let us explain what it is. A DDoS attack can be carried out by an attacker who wants to disrupt a particular website’s service. To do that, the attacker can use a botnet, which consists of several malware-infected PCs. The botnet floods the target (in this case, Dyn) with meaningless requests so that it can no longer respond to legitimate traffic. The victim, Dyn, Inc., manages Domain Name System (DNS) servers for popular websites such as Twitter, Netflix, Spotify, Reddit, Github, Etsy, and more, and as a result, they were all taken down for several hours. Since the attack was carried out several days ago, there has been enough time to sort some things out and find out more details about it, so now we can share this information with you.
It appears that the attack against Dyn was carried out using a Mirai malware botnet, and reportedly, tens of millions of compromised devices with unique IPs were used. It seems that the Mirai botnet contained numerous Internet of Things (IoT) devices, for instance, smart-home devices, web cameras and the like, which were all used for the attack. It might be the largest DDoS attack ever registered, but it is clear that there’s more to come. Considering the scale of the attack, it is clear that it was initiated by professionals, and currently, two hacking collectives known as RedCult and New World Hackers have admitted responsibility for the attack. What is more, in a recently released video, the Anonymous RedCult group claims that this attack was “a small test on a global scale, but it had to be done […] expect bigger attacks from us.” However, these confessions have not been officially confirmed, and it is still not clear who is behind this massive DDoS attack.
Dyn has already restored the services, and all websites are accessible again.