Large ddos attack affecting multiple clients

Large DDOS attack affecting Multiple Client

Update: The attack seems to have been resolved by the provider at 20.oo central european time.

Intelliagg have seen an increase in traffic related to the bot-net named “mirai” that comprises of hacked devices such as home routers and surveillance cameras and other “internet of thing” (iot) devices.

Today a large distributed denial of service attack have affected several of our clients. The attack is ongoing and has currently not been resolved.

What we know

The early research of the attack shows that the majority of the affected sites and clients have a tie to DYNDNS who reported the attack at 16.00 Central european time. 

It is unclear wether more DNS providers are targeted in the attack but given the initial research on some of the big sites that have gone down that is likely.

Intelliagg will continue to investigate and update information on this attack.

Who is affected

It is looking like the attack is persistent and have targeted the Core DNS service from a bot net with an so called DNS amplification attack. Initially it seemed to only affect .com addresses but we are now getting reports that .se addresses are affected. According to our reports so far it seems .co.uk addresses are not affected.

Recommended action

If you are affected and know that you have Dyn.com as you dns provider we recommend to temporarily move DNS to a alternate provider or set up a temporary local DNS server. several of our clients have mitigated the attack by temporarily move the DNS resolution to amazon AWS.

For more information and updates

https://www.intelliagg.com/index.php/blog/

If you are affected have any questions or would like any advice on mitigation please send an e-mail to support@intelliagg.com