The story regarding the DDoS attack against Dyn DNS certainly got my attention this morning. Dyn DNS provides DNS managed services for its clients. Familiar names like Twitter, GitHub, Airbnb and Reddit all appeared to have been impacted. One could draw a conclusion that they were clients of Dyn DNS.
DDoS is not a new form of attack in and of itself. But the methods and strategies around DDoS continue to evolve in the form of larger and more orchestrated attacks. Often, the sophistication of a DDoS attack is gauged by its measured throughput. The details of this particular attack are not yet known, but the recent attack against the Krebs security blog is reported to be upwards of 620 Gbps. That is a tremendous amount of data coming at a target all at once.
What causes me to pause and reflect most with regard to this attack and others like it is that Dyn DNS is a DNS SaaS provider. Its core job is to host and manage DNS services for its clients. The impact and harm have a ripple effect across the various customers Dyn services. As attackers evaluate their targets and organizations run toward the proverbial cloud for various reasons, this concentration introduces interesting targets for the bad guys.
So what can be done? First, evaluating your dependency on your cloud providers remains a task you cannot outsource. Begin to plan for situations where cyber attacks that affect you may never be directed at you, but rather at organizations you’ve come to rely on. In the case of this attack and DNS, having a secondary DNS service operating at the same time may have mitigated the impact, even with the primary provider down. This is where cloud governance becomes a critical element of a CISO’s security program.
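One way to start evaluating that DNS dependency is to check whether every authoritative nameserver for a zone sits with a single provider. The sketch below is an added example, not part of the original post; the zone names, nameserver names and alias map are constructed placeholders, and grouping by the last two labels of the nameserver host is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample data: zone -> NS hostnames as they would appear in a
# delegation (for instance from `dig NS <zone>`). All names are placeholders.
SAMPLE_ZONES = {
    "shop.example": ["ns1.dns-a.example.", "ns2.dns-a.example.",
                     "NS3.dns-a.example.", "ns4.dns-a.example."],
    "blog.example": ["ns1.dns-a.example.", "ns2.dns-a.example.",
                     "ns1.dns-b.example.", "ns2.dns-b.example."],
    "mail.example": ["ns1.dns-c.example.", "ns1.dns-c-alt.example."],
}

# Hypothetical alias map: one provider may serve from several domains,
# which would otherwise be mistaken for provider diversity.
PROVIDER_ALIASES = {"dns-c-alt.example": "dns-c.example"}


def provider_of(ns_host, aliases=PROVIDER_ALIASES):
    """Approximate a nameserver's operator by its last two labels.
    Assumption: no Public Suffix List, so co.uk-style suffixes group coarsely."""
    labels = ns_host.rstrip(".").lower().split(".")
    base = ".".join(labels[-2:])
    return aliases.get(base, base)


def audit(zones):
    """Per zone: the providers behind its NS set, and whether a single
    provider outage would remove every authoritative nameserver."""
    report = {}
    for zone, ns_hosts in zones.items():
        providers = sorted({provider_of(h) for h in ns_hosts})
        report[zone] = {"providers": providers,
                        "single_provider": len(providers) == 1}
    return report


def survivors(ns_hosts, failed_provider):
    """Nameservers still reachable if failed_provider is down."""
    return sorted(h.rstrip(".").lower() for h in ns_hosts
                  if provider_of(h) != failed_provider)


if __name__ == "__main__":
    for zone, result in audit(SAMPLE_ZONES).items():
        print(zone, result)
        for p in result["providers"]:
            print("  if", p, "fails ->", survivors(SAMPLE_ZONES[zone], p))
```

A zone flagged `single_provider` has no authoritative nameserver left when that provider is unreachable, which is the situation a secondary DNS service is meant to avoid.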