US users were not able to reach Twitter and other sites due to DDoS on Dyn DNS Service

A severe distributed denial-of-service (DDoS) it targeting the Managed DNS infrastructure of cloud-based Internet performance management company Dyn.

A severe distributed denial-of-service (DDoS) it targeting the Managed DNS infrastructure of cloud-based Internet performance management company Dyn.

Many users of major websites are not able to reach web services such as Twitter, GitHub, The list of affected websites includes Twitter, Etsy, GitHub, Soundcloud, PagerDuty, Spotify, Shopify, Airbnb, Intercom, and Heroku.

GitHub has notified its users that its upstream DNS provider is suffering a serious issue. In some region of the planet Twitter.com was not accessible, as reported by SecurityWeek

“At the time of writing, website availability services show that Twitter.com has been down for roughly two hours.” states a blog post published by SecurityWeeks.

Dyn confirmed the DDoS attack against its DNS service that started at 11:10 UTC. The company is still working on mitigating the attack.

“Services have been restored to normal as of 13:20 UTC.

The attack seems to have no impact on the European and Asian Users, I live in Italy and here we had no problems in reaching the affected websites.

DDoS attacks continue to represent a serious threat against the web services and the overall Internet infrastructure.

Recent attacks powered by the Mirai botnet reached a magnitude never seen before, the attack targeting hosting provider OVH last month peaked 1 Tbps.

Early September the popular cyber security expert Bruce Schneier published an interesting post titled “Someone Is Learning How to Take Down the Internet” that reveals an escalation of cyber attacks against service providers and companies responsible for the basic infrastructure of the Internet.

We are referring to coordinated attacks that experts consider a sort of tests to evaluate the resilience of most critical nodes of the global Internet. The attacks experienced by the companies request a significant effort and huge resources, a circumstance that suggests the involvement of a persistent attacker like a government, and China is the first suspect.

“Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing.” wrote Schneier.

“I am unable to give details, because these companies spoke with me under a condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there’s a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn’t have the level of detail I heard from the companies I spoke with, the trends are the same: “in Q2 2016, attacks continued to become more frequent, persistent, and complex.”

It is clear that attackers aim to cause a global blackout of the most common top-level domains paralyzing a large portion of the Internet.

Schneier, who has spoken with companies that faced the attacks, pointed out powerful DDoS attacks that attacks that stand out of the ordinary for their methodically escalating nature.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Internet, Dyn DNS Service)