Dyn DDoS done by amateurs?!

Next story

In October of this year a record breaking DDoS attack took down a large number of popular websites. Mark James explores the motivations behind this attack and who could be responsible.

Image

In October we saw a massive DDoS attack that knocked several major websites offline. Botnet ‘Mirai’ brought down America and Europe’s Internet, effecting websites such as Twitter, the Guardian, Netflix, and many more, by targeting the servers of Dyn, the company that controls a larger part of the internet’s domain name system (DNS) infrastructure.

This is considered one of the biggest DDoS attacks in history, but this attack is potentially the work of amateur hackers, not a nation-state or cybercriminal organisation. Various entities have claimed responsibility for the attack, with WikiLeaks tweeting their supporters they may have been responsible and Russian grey hat hackers claiming they are behind the attack.

Mark James, ESET IT Security Specialist, discusses the potential hacker(s), and what they can gain from such a large DDoS attack.

“DDoS and hacking are often used in the same sentence, but they are indeed very different and require very different skillsets.

“That being said they may well be used in conjunction with each other to formulate the complete attack.

“DDoS as a service is available for a relatively low sum, and with the availability of programs to make DDoS easier it could in theory be orchestrated by someone with very little skill.

“Of course large scale DDoS attacks will require a good amount or organising, but still very accessible with the right determination.

The goals of a successful DDoS attack vary from public voice, political or financial gain or just for notoriety. Because of the nature of multiple attacks from so many sources it’s very difficult to definitively determine the owner or instigator and often will leave it wide open for people to claim responsibility.

“It’s quite possible for a few people or multiple groups to be responsible, in a lot of these cases we will never really know, the only guaranteed thing we can take away from this is companies need to understand the risks and have procedures in place to combat future attacks.

“It will only get easier for the bad guys as software becomes more freely available, but of course awareness often brings solutions, many companies offer protection against these types of attacks.”


Have you ever felt the effects of a DDoS attack? Which site or sites were down? Let us know on Twitter @ESETUK


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.