Australian ISP Melbourne IT has confirmed that it was hit by “a large DDoS attack” that disrupted its web hosting.
In a statement, the company said that the DDoS attack impacted a large number of customers, and after beginning at 10 am local time on April 13 (12am BST), it was mitigated and normal service resumed by 11.30 am.
“Today we experienced a large DDoS attack on our DNS servers that disrupted our web hosting (Cloud and cPanel), email platforms and access to the Console (our customer administration portal)”, it said. “In response, we implemented our DDoS mitigation services as standard operating procedure and implemented international traffic management measures.”
Commenting, Alex Cruz Farmer, VP of Cloud Services at NSFOCUS said that targeted attacks on DNS servers are increasing, yet many companies do not realize the amount of damage that can be done against something which is considered a trivial service.
Mike Ahmadi, director of critical system security at Synopsys, said that DDoS attacks are a common occurrence, and most ISPs implement mitigation techniques that are generally effective.
“Where this becomes challenging is when the DDoS attacks scale beyond the capabilities of the ISPs, which is a major concern now that we have seen the advent of highly scalable attacks, such as the ones from the Mirai botnet”, he said.
“It is simply unknown how many devices are vulnerable and how big the exploit can get, and that takes us into the uncommon territory, where systems fail and mitigations are often ineffective and even non-existent.”
Sean Newman, director at Corero Network Security, said that the attack on Dyn “was the first public example of cyber-criminals taking a different approach to DDoS attacks, with a single attack able to disrupt the online presence of many well-known internet businesses”, but he said it was surprising that it has taken this long to see another attack of a similar type.
“We are seeing a far more dangerous concoction of attacks taking down major DNS and Internet Service Providers”, he said. “Providers have been fighting off DDoS attacks for a couple of decades now, yet they must re-think their mitigation techniques and deploy modern automatic DDoS defenses to match the sophisticated and damaging attacks of today. Providers are truly the first line of defense when it comes to removing DDoS attack traffic from flowing freely across the internet.”
Tim Erlin, VP of product management and strategy at Tripwire, said: “DDoS comes in a variety of forms and severities; it’s entirely reasonable to expect an ISP to defend successfully against basic attacks. Every system has its breaking point, so no ISP is immune to every type and volume of DDoS attack.
“As with so many information security choices, DDoS mitigation is about evaluating risk tolerance for the business. If your organization is a likely target, then you’ll want to evaluate multiple mitigation strategies, including selecting a service provider who can effectively defend against the most serious types of attacks. Organizations with a higher risk tolerance for disruption or lower probability of being targeted might make different choices about mitigation strategies.”