Tag Archives: application

DDoS attack on Dyn costly for company: claim

A distributed denial of service attack on Dynamic Network Services, otherwise known as Dyn, in October 2016, led to the company losing a considerable amount of business, according to data from the security services company BitSight. A report at the Security Ledger website said while Internet users endured short-term pain because they were cut off from popular websites during the attack, the company, Dyn, lost the business of about 8% of the domains — about 14,500 — it was hosting shortly thereafter. This figure was based on statistics in a talk given on 24 January by Dan Dahlberg, a research scientist at BitSight Technologies in Cambridge, Massachusetts. Dyn is based in Manchester, New Hampshire. It was recently bought by Oracle Corporation. During the outage, Dyn was targeted by hackers who are said to have used digital video recorders and security cameras which were compromised by malware known as Mirai and used to form a massive botnet. The first attack, on 21 October 2016 US time, began at 7.10am EDT (10.10pm AEDT) and, once this was resolved by Dyn, further waves caused disruptions throughout the day. While major US websites like Twitter, Spotify, Netflix and Paypal were disrupted, the application performance management software company Dynatrace said that Australian websites were affected as well. Among the Australian sites that took a hit, Dynatrace listed AAMI, ANZ, BankWest, Coles, The Daily Telegraph, Dan Murphy’s, ebay, HSBC, The Herald Sun, NAB, 9News, The Age, Ticketmaster, The Australian, Woolworths, The Sydney Morning Herald, and Westpac. BitSight provides security rating services for companies. It analysed 178,000 domains that were hosted on Dyn’s managed DNS infrastructure before and after the attacks; of these 145,000 used Dyn exclusively, while the remaining 33,000 used Dyn and others too. After the attack, according to Dahlberg, 139,000 of the 145,000 domains managed exclusively by Dyn continued to use its services, a loss of 4% or 6000 domains. Among domains that used Dyn and other providers as well, there was a loss of 8000 domains, or 24%. Security Ledger said it had tried to get a comment from Dyn but was refused one. It is not clear whether any of the 14,500 domains that were found not to be using Dyn’s services in the aftermath of the attack returned to the provider. Source: http://www.itwire.com/security/76717-ddos-attack-on-dyn-costly-for-company-claim.html

View the original here:
DDoS attack on Dyn costly for company: claim

Ontario literacy test abandoned due to DDoS attack

There’s no shortage of conspiracy theories when it comes to guessing who’s behind cyber attacks. So when it was announced that a distributed denial of service (DDoS) attack was behind last week’s crash of an Ontario online literacy test for about 190,000 high school students the list was long. –One of the thousands of computer-literate students who want to Get Back At the Education System? (No shortage of them…) –One of the tens of thousands of Ontario high school graduates who want to Get Back At the Education System (Some of whom are reading this right now …) –General mischief makers around the world (Really no shortage of them) –The usual suspects blamed for everything bad (Russia, China). OK, probably not Russia and China. But with DDoS-as-a-service available on the dark web (all you need is Tor and a credit card) and — here’s the tricky part — the right URL — it’s not hard to launch an attack anywhere on the planet. Who had that URL and how they got hold of it is the question. It may not have been that hard because last week’s test was preceded by earlier, smaller ones. What we do know for sure is that on Monday the provincial Education Quality and Accountability Office (EQAO) said the Oct. 20 province-wide trial of the online Ontario Secondary School Literacy Test (OSSLT) had to be terminated because of what it called an “intentional, malicious and sustained” DDoS attack. “An extremely large volume of traffic from a vast set of IP addresses around the globe was targeted at the network hosting the assessment application,” the office said in a statement. No personal or private student information was compromised, it added. According to a statement Thursday from the EQAQ, a third party hosted the application. “We planned for a variety of cyber incidents,” the statement said, “but we are unable to disclose the specifics of this information because of the need to protect our infrastructure’s security. What we can say, however, is that we did not anticipate a DDOS of this magnitude. A forensics firm is investigating. “We were shocked to learn that someone would deliberately interfere with the administration of the online OSSLT,” Richard Jones, the office’s director of assessment, said in a statement. “There will be discussions over the next few weeks to determine how to strengthen the system, and we will continue to work with Ontario’s education community to understand how best to use online assessments to benefit our province’s students.” —Richard Jones, Director, Assessment Last week’s exercise was was a voluntary trial to test the system’s readiness before the regularly scheduled administration of the OSSLT — either online or on paper — in March 2017. The office is determined to keep to that schedule. Source: http://www.itworldcanada.com/article/ontario-literacy-test-abandoned-due-to-ddos-attack/387852

Read More:
Ontario literacy test abandoned due to DDoS attack