Australian media, banks, airline, insurance, retail and hotel websites have experienced outages and interruptions following a large-scale distributed denial of service (DDoS) attack in the US.
The attackers struck three times on the east coast of the US on Friday, targeting US-based company Dyn, which provides internet traffic management services to multinational organisations such as Netflix and Twitter.
Globally, the attacks hit popular websites such as Amazon, GitHub, Netflix, Reddit, Spotify and Twitter.
Consequently, the knock-on effect of the attacks impacted websites locally, including AAMI, ANZ, BankWest, Coles, Daily Telegraph, Dan Murphy’s, eBay, HSBC, Herald Sun, NAB, 9News, The Age, Ticketmaster, The Australian, Woolworths, Sydney Morning Herald and Westpac.
Digital performance monitoring company, Dynatrace, tests thousands of sites across all industries continually, with data showing that many of Australia's high profile sites were impacted.
“While not as severe as the US, Australian sites were definitely experiencing performance problems as a result of the DDoS attacks,” Dynatrace data expert, Dave Anderson, said.
“Of the sites we've monitored, we can see that the average DNS connect time spiked to about eight seconds, when normally it would average three milliseconds.
“It also looks like Australia was impacted by all three of the US attacks.
“While it's a bit unlucky for these Australian sites to have been hit, it's a wake-up call for everyone with an online presence. You're on 24 hours a day and these performance issues will be part of the daily digital life ongoing.”
Targeted specifically at Dyn’s Managed DNS infrastructure, the attacks started at approximately 7:00am (EST), lasting for two hours as the company’s Network Operations Center (NOC) battled to restore service to customers.
After restoring service, Dyn experienced a second wave of attacks just before noon EST, with the attack more global in nature and not limited to East Coast POPs.
According to company records, the second attack was mitigated in just over an hour, with service restored at approximately 1:00pm EST.
Again, at no time was there a network-wide outage, though some customers would have seen extended latency delays during that time.
News outlets then reported a third attack wave, which Dyn verified based on inside information and which was again successfully mitigated without major customer impact.
“At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses,” Dyn chief strategy officer, Kyle York, said.
“We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion.
“The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations.”
York said that Dyn can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks was devices infected by the Mirai botnet.
“We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack,” York added.