The 100 Gbps attack caused an outage that lasted for several hours

May 1, 2014 07:16 GMT

One of the customers of Neustar’s DNS services provider UltraDNS has been hit with a 100 Gbps distributed denial-of-service (DDoS) attack. As a result, the DNS service was down for several hours on Wednesday for most of the company’s other clients.

The SANS Institute’s Internet Storm Center has been monitoring the situation.

“One reporting party did indicate that they learned that the management of UltraDNS had said that one of their customers was being attacked and that they black-holed that customer to get back on trend,” explained Russ McRee, who was the ISC’s handler on duty at the time of the attack.

UltraDNS provided some updates regarding the situation, but some users complained that the company started providing information on Twitter long after the attack began.

On the other hand, the service provider said that it had issued updates on the DNS resolution event through its normal customer notification process.

“Currently, the Neustar UltraDNS Operations and Security teams continue to work with our Tier One Providers to further refine upstream mitigations within the Carriers networks,” UltraDNS representatives said while mitigating the attack.

“Additionally, the Neustar team is working on adding additional UltraDNS Name Servers into active mitigation. The DDoS traffic continues to shift attack vectors and our teams are working on altering countermeasures to insure stability of service as quickly as possible.”

Dotcom-Monitor has also tracked the outage. According to the company, the outage began at around 10:34 AM CST. Although the service started to stabilize at about 1 PM, UltraDNS was still experiencing DNS resolution instability at 4 PM. Some customers reported downtimes of over 8 hours.

Dotcom-Monitor says that this isn’t the first time UltraDNS has been impacted by a DDoS attack. The company observed a similar outage back in January 2013.

The attack comes just one week after Neustar published a report on the impact of such cyberattacks. The study highlighted that, in many cases, cybercriminals use DDoS attacks to distract IT staff while they plant malware on the targeted organization’s systems.

Neustar has revealed that most DDoS attacks are less than 1 Gbps. However, in 2014, the company has already mitigated twice as many 100+ Gbps attacks as last year. The reason is that DNS and NTP amplification attacks, which enable cybercriminals to send hundreds of gigabits per second to a targeted server, are becoming more and more common.