:: Update: According to Dyn representatives, service has been restored as of 6:17 p.m EST, Friday. Latest updates from Dyn can be found here. ::
Cyberattacks are more than just a political commentary for those who conduct business online, but with banking, entertainment and communication taking place digitally every day - that's all of us, whether we own or manage a website or not.
Web professionals have long understood the magnitude of cyberattacks (read more here), but even they got a wake up call Friday when some of the U.S.'s most popular sites were hit, twice, and a third is underway as Dyn alerted customers - a situation that Dynatrace calls preventable (more commentary below). A large-scale distributed denial of service attack (DDoS) against Internet performance company Dyn prevented the access to at least Twitter, Etsy, Spotify, Dyn and Github. Shutterstock had also been down for Website Magazine and came back up the same time Twitter did, and users have reported outages at Netflix, Amazon, Tumblr and Reddit.
Dyn told CNBC Friday afternoon the attacks are "well planned and executed, coming from tens of millions of IP addresses at the same time." Of course DDoS attacks happen when individuals or groups send fake traffic in excess amounts to take a site offline (think of how unprepared sites crash during high-traffic periods but these attacks have malicious intent).
Dyn told CNBC that one of the sources of the attack is coming from "Internet of Things" - risks Website Magazine has warned about (repeatedly).
Website Magazine reached out to Dyn and did not receive immediate comment. Catchpoint is in the performance monitoring business and can comment on the impact of this problem, but not how the security was breached.
"This is one of the nastiest attacks we have seen in a long time, and a sign of more powerful attacks to come," said Mehdi Daoudi, CEO and co-founder, Catchpoint Systems. "The increasingly fragile and interconnected state of the Internet is an Achilles heel, and hackers are capitalizing on this vulnerability. They're like snipers, strategically taking aim at the highest value targets to create the biggest possible ripple effect of damage across the Internet, with the least amount of effort."
For perspective, research from Kaspersky Lab indicates that a single cybersecurity incident costs large businesses, on average, a total of $861,000 while SMBs pay an average of $86,5000.
A Preventable Situation
David Jones is the director of sales engineering and APM evangelism for digital performance management software company Dynatrace and has provided the following commentary about today's attacks:
Today, Dynatrace monitored the widespread issue that impacted the performance of many Web-based businesses, impacting users in the northeastern U.S. What we know is the DNS health was the root cause of the issue. As websites, cloud and mobile applications become ever more complex to manage, ensuring performance remains a challenge for any business that depends on the Web to deliver services, products and information. These kinds of situations can dramatically impact a digital business' revenue and brand image - but they are also preventable.
- It's critical for businesses to have a DNS failover strategy. Relying on a single DNS provider is a recipe for disaster, as many have learned as a result of today's attack. Maintaining relationships with multiple vendors allows businesses to switch DNS routing as soon as an issue arises.
- It's important to manage the number of third-party connected to websites and apps. The more third-parties, the higher the risk of performance problems.
- Use software "robots" - aka synthetic monitoring - to monitor your website. This ensures that your site can be reached from wherever your end users are located and will alert you the very moment something is amiss.