Major Websites Twitter, Spotify, Netflix Shut Down by DDoS Attack

By on

We’re no strangers to Armageddon-scenario movies, but today a real disaster hit the internet. Using brute-force tactics that flood key elements of the internet’s structure, cybercriminals managed to shut down a variety of popular websites. The resulting chaos essentially closed the entire East Coast of the U.S., before spreading to other parts of the country and overseas, from a section of the web. Big names such as Twitter, Spotify, Netflix, and more count among those affected. The natural question is “How did this happen?” It happened due to a Distributed Denial of Service attack — or DDoS for short.

While powerful tools may seem miles ahead of the average cyber crook’s ventures, DDoS attacks aren’t incredibly complicated. Plainly speaking, these tools are available to any cybercriminal wanting to get their hands on them.

So let’s cover the term “DDoS.” A Distributed Denial of Service is when perpetrators flood a website with so much traffic that it shuts the site down. Essentially, think of a traffic jam so bad that nobody can enter onto the freeway. Such attacks require a huge amount of devices to succeed — we’re not talking about dozens, we’re talking about up to a million. To really understand the scale of these attacks, watch these videos.

Now how do criminals get a hold of so many devices? By slipping malicious codes onto devices that aren’t secured — or are using factory-set default passwords — cybercriminals can create an army of hijacked devices from across the globe. This is known as a botnet. And with all of today’s connected-devices, crooks are finding it easier to increase their botnets’ ranks. Even the modern kitchen toaster can be vulnerable.

Now, we’re still waiting for details from this incident. We’re still unsure which devices or criminals were involved. But one crucial fact is worthy of note: this attack didn’t hit websites one-by-one. To create wide-spread damage, perpetrators targeted something that every website relies on: a Domain Name System (DNS) service.

Whether you’re aware or not, the DNS is used every time a browser fires up. Think of it as the address book for the internet. Computers don’t speak the same language as humans. So when you type in “www.netflix.com,” a DNS provider has to first translate those letters into numbers which computers understand. When you want to see a website, this is how your browser finds the right servers to connect to.

Now we’re ready to tackle the original question: how did an attack of such scale happen? Ultimately, cybercriminals targeted a large DNS provider. Specifically, the victim was Dyn. They support many of your favorite websites. Think of Twitter, Spotify, Netflix, PayPal, and Reddit. By launching a DDoS attack on the DNS provider, crooks blocked people’s browsers from accessing the servers of many popular websites — the very infrastructure of the internet itself was attacked.

Today’s news comes as a great shock. The truth is, we haven’t seen anything at quite this scale before. Think about it: an entire region of the United States was blocked from accessing parts of the internet. So if a cybersecurity wake-up call was needed, this is it. In my colleague Steve ­­­­Grobman’s words, “this is a reminder of how effective an attack on one can be an effective attack on many.”

Stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.

gary

Categories: Consumer Threat Notices
Tags: , ,

Similar articles

Simply by downloading the right combination of apps, parents can now track their child's location 24/7, monitor their same social conversations, and inject their thoughts into their lives in a split second. To a parent, that's called safety. To kids, it’s considered maddening. Kids are making it clear that parents armed with apps are overstepping ...
Read Blog
A new banking trojan has emerged and is going after users’ Android devices. Dubbed Cerberus, this remote access trojan allows a distant attacker to take over an infected Android device, giving the attacker the ability to conduct overlay attacks, gain SMS control, and harvest the victim's contact list. What's more, the author of the Cerberus ...
Read Blog
5G has been nearly a decade in the making but has really dominated the mobile conversation in the last year or so. This isn’t surprising considering the potential benefits this new type of network will provide to organizations and users alike. However, just like with any new technological advancement, there are a lot of questions ...
Read Blog