Popular sites are still vulnerable to massive DDoS attacks

Four years ago, Twitter, Slack, Pinterest and other popular Internet services went down for one day due to a massive DDoS attack on Dyn's DNS servers. Recently, a group of researchers decided to check what lessons were learned by the victims. Spoiler alert: none.







DDoS from an electric kettle



Four years ago, on October 21, 2016, Dyn was the victim of a massive DDoS attack. It lasted for almost the entire day, and as a result a significant part of the world's popular Internet services was unavailable, among them Amazon, Airbnb, CNN, Netflix, PayPal, Spotify, Visa and many more. All of them used Dyn as their only DNS provider and had no backup option in case of failure.



It is believed that the attack was organized quite cleverly, through the Mirai botnet, which included many IoT devices: kettles, coffee makers, televisions, and so on. Access to them was obtained because most users had not changed the default passwords. A load of 1.2 terabits per second makes the attack one of the largest in history. The attack effectively destroyed Dyn, and just a month later, in November, it was bought by Oracle.



Have the lessons been learned?



To find out, a group of scientists from Carnegie Mellon University surveyed 100,000 of the world's most popular websites from the Alexa rankings. They wanted to know what percentage of sites still depend on a single DNS provider.



The results were announced at the recent Internet Measurement Conference. According to them, in 2020, 89.2% of all the web resources analyzed use the services of a DNS provider rather than deploying their own server. And 84.8% of sites work with a single DNS provider and have no backup in case of failure or attack.



The number of resources dependent on a single DNS provider has grown by 4.7% in four years. It appears that no conclusions were drawn after the attack. One of the most striking numbers is that since 2006, only two of the Alexa Top 100 sites have added backup DNS servers. As for small sites, they continue to use the same provider, and in general, most of the resources use the services of a reputable vendor. That is, the situation today is very similar to the one that existed before the attack in October 2016.



Dependency on three services



The research revealed the three most popular providers among the Top 100,000 sites in the Alexa ranking. These are Cloudflare (24%), Amazon Web Services (12%) and GoDaddy (4%). Moreover, 38% of these sites use only one of them, without any safety net.



Any malfunction, whether malicious or accidental, can "kill" a significant part of the global network. And that seems to be what happens regularly. For example, attacks from time to time disable AWS services.



The researchers also analyzed sites using CDNs (content delivery networks) and CAs (certification authorities). The results were similar: many resources use a single service, without any redundancy.



What to do



The authors of the study plan to use the accumulated information to create a service that will analyze websites and recommend what to do, and how, to minimize damage from a potential DDoS attack. Based on the analysis, each resource will be assigned a security level, for which a dedicated metric is planned. An even more ambitious plan has also been announced: research into dangerous dependencies on a single supplier in e-commerce, education, the public sector and so on.



But the most reliable way is to think ahead about a backup DNS provider. By doing this, you will join the few percent of sites for which security matters and avoid the cost of downtime in the event of an attack.
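A simplified version of the check described above, as an added example (not the researchers' code or methodology): it groups a site's NS records by operator and reports which sites would go dark if one provider failed. The site names, NS records and the two-label `operator_of` heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (reserved .example names, not real measurements):
# site -> NS records as returned by a resolver.
SAMPLE_NS = {
    "shop.example": ["ns1.dns-a.example.", "ns2.dns-a.example."],
    "news.example": ["ns1.dns-a.example.", "ns1.dns-b.example."],
    "bank.example": ["ns1.bank.example.", "ns2.bank.example."],
    "blog.example": ["NS3.DNS-B.example."],
}

def operator_of(hostname):
    """Approximate who runs a host by its last two labels.
    Assumption: fine for the sample; real data needs the Public Suffix List."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def classify(site, nameservers):
    """Return 'self-hosted', 'single-provider', 'redundant' or 'no-ns'."""
    operators = {operator_of(ns) for ns in nameservers}
    if not operators:
        return "no-ns"
    if operators == {operator_of(site)}:
        return "self-hosted"
    # Several name servers at one operator still fail together.
    return "single-provider" if len(operators) == 1 else "redundant"

def critical_dependencies(ns_map):
    """Map each provider to the sites that go dark if that provider alone fails."""
    exposed = defaultdict(list)
    for site, nameservers in sorted(ns_map.items()):
        if classify(site, nameservers) == "single-provider":
            exposed[operator_of(nameservers[0])].append(site)
    return dict(exposed)

if __name__ == "__main__":
    for site, ns in SAMPLE_NS.items():
        print(f"{site:14} {classify(site, ns)}")
    for provider, sites in critical_dependencies(SAMPLE_NS).items():
        print(f"{provider} is a single point of failure for: {', '.join(sites)}")
```

To audit your own zone, replace the sample lists with the output of `dig +short NS <domain>`.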





