Cyber protection experts at Acronis weigh in on six-hour-long Facebook, Instagram, WhatsApp outage

Following the resumption of service by popular social media platforms – Facebook, Instagram and WhatsApp – after a six-hour-long outage on Monday, October 4, below are comments from our cyber protection experts.

Mr. Candid Wuest, Acronis VP, Cyber Protection Research:

“While there’s no confirmation on what caused the incident from Facebook Inc, it’s possible that the issue lies with the BGP or DNS protocol – which happen to be popular targets among cybercriminals.

There are various potential attacks against DNS infrastructure – from DDoS attacks to local DNS rebinding or hijacking a DNS with social engineering against the registrar. Looking at overall attack statistics, they are a lot less popular than common malware and ransomware attacks, but they can be extremely devastating if successful in a sophisticated attack. It’s like pulling the electric cable to your server room – the whole enterprise suddenly goes dark.

Protection against DNS attacks is not trivial as they come in multiple facets. It requires strong authentication and patching to guard your own services, training against social engineering attacks, as well as classical DDoS mitigations from providers, such as Cloudflare. Naturally, configuration issues should be avoided as well. Depending on what service is attacked – for example, if it’s a central authentication server shared between multiple brands, like in this case, then such a single outage can lead to multiple brands going offline.

To be fair, we must note that most commonly such outages are caused by non-malicious actions – we suspect it to be the case here too.”

Mr. Topher Tebow, Acronis Cybersecurity analyst:

How popular are cyberattacks on DNS servers? How sophisticated does the attacker need to be to execute?

A denial-of-service attack is the most common type of DNS attack and is easily accomplished by attackers, as it relies on simply overloading a server with requests. Other attacks like DNS hijacking and DNS poisoning, where a domain’s records are replaced or spoofed by an attacker, are more difficult to pull off but can be accomplished by an attacker familiar with potential vulnerabilities in the DNS system.

Have you seen the growth of such attacks since the pandemic hit?

Attackers are always looking at new ways to accomplish their goals. In the last couple of years, we have seen some DNS attacks used as part of a multi-extortion scheme when ransomware victims do not pay the ransom. These attacks have not seen quite the increase that other types of attacks have, but as with other types of attacks, they do seem to be happening more frequently – with DDoS attacks leading the DNS attacks.

In case of a cyberattack, what’s the recommended course of action?

As with any attack, it is important to remain calm, and have a response plan in place ahead of time. For a DNS attack, this plan will include who communicates what, how, and when – as well as having a backup DNS solution planned that can be quickly implemented, if not automatically switched to in the event of an attack on the main DNS servers. Direct communication with the DNS provider will be helpful in most cases.

How do businesses protect from such attacks?

DNS monitoring, CDNs, and redundancy are some of the best ways to protect against DNS attacks. Nothing is a full guarantee that an attack won’t be successful, but with proper monitoring, redundant DNS, and utilization of a CDN, the damage of an attack can be minimized.

For companies like Facebook Inc, housing multiple brands – does an attack on DNS servers mean an outage for all their brands? Or could it be avoided?

For companies that house multiple brands, the effect on subsidiaries will really depend on how the companies are configured. If they are all using the same DNS servers, and the attack is on those servers, then services will go down for all of the associated companies.

About Acronis

Acronis unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. With flexible deployment models that fit the demands of service providers and IT professionals, Acronis provides superior cyber protection for data, applications, and systems with innovative next-generation antivirus, backup, disaster recovery, and endpoint protection management solutions. With award-winning AI-based antimalware and blockchain-based data authentication technologies, Acronis protects any environment — from cloud to hybrid to on-premises — at a low and predictable cost.

Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 1,700 employees in 34 locations in 19 countries. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, including 100% of the Fortune 1000, and top-tier professional sports teams. Acronis products are available through 50,000 partners and service providers in over 150 countries in more than 40 languages.
