Twitter, GitHub and several other major websites are inaccessible for many users due to a distributed denial-of-service (DDoS) attack on the Managed DNS infrastructure of cloud-based Internet performance management company Dyn.
The list of affected websites includes Twitter, Etsy, GitHub, Soundcloud, PagerDuty, Spotify, Shopify, Airbnb, Intercom and Heroku.
GitHub has informed users that its upstream DNS provider is affected by a “global event.” At the time of writing, website availability services show that Twitter.com has been down for roughly two hours.
A global event is affecting an upstream DNS provider. GitHub services may be intermittently available at this time.
— GitHub Status (@githubstatus) October 21, 2016
According to Dyn, the DDoS attack aimed at its DNS service started at roughly 11:10 UTC. The company is working on mitigating the attack, which appears to mainly impact customers in the east of the United States. People in Europe and Asia have reported that they can access the affected sites.
DDoS attacks launched against Internet services providers can be highly problematic, especially since malicious actors are capable of launching increasingly powerful attacks. An attack targeting hosting provider OVH last month exceeded 1 Tbps.
These massive attacks are launched with the aid of botnets powered by hundreds of thousands of compromised Internet of Things (IoT) devices. Mirai botnets, for instance, have ensnared more than half a million DVRs, routers and IP cameras.
Related Reading: Cybercriminals Target Blockchain in DNS Attack
Related Reading: DNS Monitoring – Connecting the Dots for Better Internet Security
Related Reading: Over 500,000 IoT Devices Vulnerable to Mirai Botnet