Around 5.40 pm on October 4, Facebook, Instagram and WhatsApp became inaccessible all over the world. Then shortly before one in the morning (Italian time) they slowly started working again. And finally Mark Zuckerberg’s apologies for the gigantic global blackout arrived: “Sorry for the outage, we know how many people rely on our services to stay connected.”
But what happened? According to Acronis experts, “while there is no confirmation as to what caused the accident, it is possible that the problem lies in the BGP or DNS protocol – which are popular targets among cybercriminals.
There are various potential attacks against the DNS infrastructure – from DDoS attacks to local DNS rebinding or to hijacking a DNS with social engineering against the registrar. Looking at the overall statistics of the attacks, they are far less popular than the common malware and ransomware attacks, but they can be extremely devastating if they are successful in a sophisticated attack. It’s like pulling the power cord of your server room – the whole enterprise suddenly goes dark,” comments Candid Wuest, Acronis VP of Cyber Protection Research.
“The protection against DNS attacks is not trivial as they come in multiple facets. It requires strong authentication and patching to secure its services, training against social engineering attacks, as well as classic DDoS mitigations from vendors. Of course, configuration problems should also be avoided. Depending on which service is being attacked – for example, if it’s a central authentication server shared across multiple brands, as in this case, then such an outage can lead to multiple brands going offline. In truth, we must note that most of the disruptions are caused by non-malignant actions and we suspect that this is also the case,” concludes Wuest.
Topher Tebow, cybersecurity analyst at Acronis Cybersecurity, explains how things may have gone.
How popular are cyberattacks on DNS servers? How sophisticated does the attacker have to be to execute them?
A denial-of-service attack is the most common type of DNS attack, and is easily accomplished by attackers, as it relies on simple server request overload. Other attacks such as DNS hijacking and DNS poisoning, where a domain’s records are replaced or spoofed by an attacker, are more difficult to carry out, but can be carried out by an attacker familiar with potential DNS vulnerabilities.
Have you seen the growth of these attacks since the pandemic hit?
Cyber hackers are always looking for new ways to achieve their goals. Over the past couple of years, we’ve seen some DNS attacks used as part of a multi-extortion scheme when ransomware victims don’t pay the ransom. These attacks haven’t seen the increase that other types of attacks have had, but as with other types of attacks, they seem to happen more frequently – with DDoS attacks driving DNS attacks.
In the event of a cyber attack, what is the recommended course of action?
As with any attack, it’s important to stay calm and have a response plan in place ahead of time. For a DNS attack, this plan will include who communicates what, how and when – as well as having a scheduled backup DNS solution that can be quickly implemented, if not automatically switched in the event of an attack on the primary DNS servers. Direct communication with the DNS provider will be useful in most cases.
How do companies protect themselves from these attacks?
DNS monitoring, CDNs, and redundancy are some of the best ways to protect yourself from DNS attacks. Nothing completely guarantees that an attack will not be successful, but with proper monitoring, redundant DNS and the use of a CDN, the damage of an attack can be minimized.
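The monitoring and backup-DNS advice in the two answers above, turned into a worked example (added here, not Acronis code): a check that queries a hostname through several resolvers and tells a global outage apart from a single resolver returning an address outside the expected set (the signature of a hijacked or poisoned record), plus the failover rule for a pre-scheduled secondary DNS. The resolver answers and expected addresses are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed sample data, not real records: the A records the operator expects
# for a hostname (RFC 5737 documentation addresses) and the answers a monitor
# collected from several resolvers. None stands for timeout / SERVFAIL.
EXPECTED_A = frozenset({"192.0.2.10", "192.0.2.11"})

@dataclass(frozen=True)
class ResolverAnswer:
    resolver: str                          # label of the resolver queried
    a_records: Optional[FrozenSet[str]]    # None = no usable answer

def classify_dns_state(answers: List[ResolverAnswer],
                       expected: FrozenSet[str]) -> Tuple[str, Dict[str, List[str]]]:
    """Return (state, details) for one hostname across several resolvers.

    MISMATCH: a resolver returned an address outside the expected set; that is
              what a hijacked or poisoned record looks like, so it outranks
              plain availability problems.
    OUTAGE:   every resolver failed (the hostname has gone dark everywhere).
    DEGRADED: only some resolvers failed.
    OK:       every resolver answered with expected addresses only.
    """
    failed = {a.resolver: [] for a in answers if a.a_records is None}
    mismatched = {a.resolver: sorted(a.a_records - expected)
                  for a in answers
                  if a.a_records is not None and not a.a_records <= expected}
    if mismatched:
        return "MISMATCH", mismatched
    if failed and len(failed) == len(answers):
        return "OUTAGE", failed
    if failed:
        return "DEGRADED", failed
    return "OK", {}

def select_active_dns(primary_state: str, secondary_state: str) -> str:
    """Failover rule for the scheduled backup DNS: switch only when the primary
    is unusable (OUTAGE or MISMATCH) and the backup itself checks out clean."""
    if primary_state in ("OUTAGE", "MISMATCH") and secondary_state == "OK":
        return "secondary"
    return "primary"

def run_samples() -> Dict[str, str]:
    """Three constructed scenarios: healthy, global outage, poisoned answer."""
    good = frozenset({"192.0.2.10"})
    healthy = [ResolverAnswer("r1", good), ResolverAnswer("r2", EXPECTED_A)]
    outage = [ResolverAnswer("r1", None), ResolverAnswer("r2", None)]
    poisoned = [ResolverAnswer("r1", good), ResolverAnswer("r2", frozenset({"198.51.100.7"}))]
    return {name: classify_dns_state(obs, EXPECTED_A)[0]
            for name, obs in (("healthy", healthy), ("outage", outage), ("poisoned", poisoned))}
```

In a real deployment the answers would come from querying independent resolvers (and the zone's own authoritative servers) on a schedule, and a MISMATCH should page someone before any automatic failover, since the backup may be serving the same poisoned data.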
For companies like Facebook, does an attack on DNS servers mean disruption for all of its brands? Or could it be avoided?
For businesses that host multiple brands, the effect on branches will really depend on how the businesses are configured. If they all use the same DNS servers, and the attack is on those servers, then the services will go down for all associated companies.