Dyn down: Major East Coast cyberattack brings down Twitter, Netflix, Spotify and others

The domain host, Dyn, said the large DDOS attack began at 7 a.m. Friday morning. By 9:30 a.m., the system was restored to normal.
By Jessica Davis
11:57 AM

Internet users reported major accessibility issues early Friday, as a slew of major websites were rendered temporarily inaccessible, including Netflix, Twitter, Spotify, Etsy, The New York Times and SoundCloud.

Dyn, the domain name system host that both monitors and reroutes internet traffic, informed its users it had experienced a cyberattack beginning around 7 a.m. that primarily affected East Coast users. By 9:30 a.m., services had returned to normal, Dyn officials said in a statement.

Dyn confirmed it was a massive denial-of-service attack, where cybercriminals flood an organization’s servers with data to overwhelm them and eventually shut them down. Dyn hosts the domain name to many major websites.

Managed DNS customers in the east coast region were the primary sites affected, officials said. Amazon Web Services, which hosts many popular sites like Netflix, also reported outages, as well. According to a statement, the outage was due to a ‘hostname’ issue, and it’s not immediately clear if it’s related to the Dyn attack.

DDOS attacks have increased in size and scope, in recent months – including what's been billed as the largest distributed attack on 145,000 Internet of Things devices, which occurred in September: A botnet flooded a European web host with a data deluge that at times approached one terabit per second.

[Also: Massive DDoS attack harnesses 145,000 hacked IoT devices]

Security experts said these attacks will pose dramatic new risks for electronic health records and other hospital IT systems. In January 2016, Hurley Medical Center in Flint, Michigan experienced a DDoS attack and in 2014, Boston Children's Hospital was targeted by a days-long Anonymous DDoS campaign.

"Now that we've seen a 600 gig botnet, we have to plan that within one to two years, those are going to become common," Martin McKeay, a member of Akamai's security intelligence team, told Ars Technica.

"They may not be every attack, but we’ll see a dozen of them a quarter; we'll see a couple hundred of them a year. Now that people know those are a possibility, they're going to start pushing in that direction. They're going to make it happen."

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn