Friday, October 21, 2016

Dyn Cites Mirai Botnet as One Source of the Attack

In a statement regarding the DDoS attack on 10/21/2016, Dyn confirmed the sophisticated, highly distributed attack involved 10s of millions of IP addresses.

The company said its preliminary forensic analysis, with help of analysis from Flashpoint and Akamai, indicates that the attack originated across multiple attack vectors and internet locations. One source of the traffic for the attacks were devices infected by the Mirai botnet.  Dyn observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.

http://hub.dyn.com/static/hub.dyn.com/dyn-blog/dyn-statement-on-10-21-2016-ddos-attack.html

Flashpoint Links Dyn DDoS Attack to Mirai IoT Botnet

Flashpoint confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware.

Mirai botnets were previously used in DDoS attacks against security researcher Brian Krebs’ blog “Krebs On Security” and French internet service and hosting provider OVH. Mirai malware targets Internet of Things (IoT) devices like routers, digital video records (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks. Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures (TTPs) associated with previous known Mirai botnet attacks.

However, Flashpoint states that the Mirai botnets used in the October 21, 2016 attack against Dyn were separate and distinct botnets from those used to execute the DDoS attacks against “Krebs on Security” and OVH.

Flashpoint also notes that the Mirai source code was released earlier this month by the hacker operating the Mirai botnet responsible for the Krebs DDoS attack.

https://www.flashpoint-intel.com/mirai-botnet-linked-dyn-dns-ddos-attacks/

Dyn Managed DNS Hit by Major DDoS Attack

Dyn, which provides cloud-based Internet Performance Management and traffic steering to major websites, including Twitter, Zappos, Red Hat, BT, CNBC and Zillow, experienced a major DDoS was impacting its Managed DNS customers in its US East region.

On its status update site, Dyn noted that it began monitoring and mitigating a DDoS attack starting at 11:10 UTC on October 21st-Friday 2016 against its Dyn Managed DNS infrastructure.

Impacted websites and services included Etsy, Heroku, Business Insider, Soundcloud, Spotify, Reddit, Github, Twitter and others

The company reported that its services were restored to normal as of 13:20 UTC, approximately two hours after the attack began, but then new attacks emerged against the Dyn Managed DNS infrastructure.

https://www.dynstatus.com/incidents/nlr4yrr162t8

Ericsson's Revenue Drops 14% YoY

Ericsson reported Q3 net sales of SEK 51.1 billion down 14% from a year ago for comparable units.  The drop was mainly driven by segment Networks where reported sales declined by 19%.

Gross margin declined to 28.3% (33.9%) YoY following lower mobile broadband capacity sales, a higher share of services sales and lower sales in segment Networks.

"The negative industry trends from the first half of 2016 have further accelerated, impacting Q3 sales, primarily relating to mobile broadband. The decline, in both mobile broadband coverage and capacity sales, was particularly strong in markets with a weak macro-economic environment. In addition, capacity sales in Europe were lower than a year ago. Gross margin declined YoY, following lower mobile broadband capacity sales, a higher share of services sales and lower sales in segment Networks," stated Jan Frykhammar, President and CEO of Ericsson.

Notes from the quarterly report:

  • Sales in regions such as Latin America, Middle East and Sub-Saharan Africa were impacted by a weak macro-economic environment. This negative development accelerated in the third quarter and had a negative effect on both mobile broadband coverage and capacity sales in these markets. 
  • Capacity sales in Europe were lower than a year ago. 
  • Both reported sales and sales adjusted for comparable units and currency declined by -14% YoY and sales were particularly weak at the end of the quarter. This shows an acceleration of the negative sales trends compared with the second quarter when the decline in sales, adjusted for comparable units and currency, was -7% YoY. The decline was driven by segment Networks where the reported sales decline worsened from -14% in Q2 to -19% in Q3.
  • Sales in North America declined, mainly due to lower sales in Professional Services. In addition, one customer continued to reduce their investments in mobile broadband. Sales in Mainland China declined by -7% YoY mainly due to lower 3G sales, while 4G deployments continued on a high level.  In India the delayed spectrum auctions led to another slow quarter. The transition from 3G to 4G continued to contribute to sales growth in region South East Asia and Oceania.
  • Sales in the targeted growth areas showed resilience and grew by 3% YoY, driven by Cloud, IP and services related to OSS and BSS. In total, the targeted growth areas now account for 21% of group sales. 
  • The strategic partnership with Cisco has to date generated more than 60 deals.
  • A renewed managed services contract in North America, with reduced scope, will impact sales negatively.

https://www.ericsson.com/news/2050464

TE SubCom Selected for MAREA Submarine Cable

TE SubCom will served as the system supply partner for the new MAREA submarine cable across the Atlantic Ocean, which is backed by Facebook and Microsoft.

TE SubCom said it has completed the route survey and begun manufacture of the system at its facility in Newington, New Hampshire. The parties are on track to begin laying cable using TE SubCom’s cable installation ships next year, with a scheduled completion date of October 2017.

“TE SubCom strives to provide customers with the highest standards of design, manufacture, and system installation,” said Aaron Stucki, president of TE SubCom. “Being named the installation partner for the ground-breaking MAREA cable system further strengthens our position as a leading supplier of the world’s most reliable fiber optic cable systems. We look forward to working with Microsoft and Facebook on what will be a highly advanced and scalable new system.”

http://www.te.com/usa-en/about-te/news-center/subcom-supplies-marea-submarine-cable-system-101916.html

Microsoft and Facebook to Build 160 Tbps Transatlantic Cable

Microsoft and Facebook will jointly fund a new transatlantic cable system linking Virginia Beach, Virginia to Bilbao, Spain.

The MAREA cable, which will be managed by Telxius, Telefónica’s new infrastructure company, will feature eight fiber pairs and an initial estimated design capacity of 160 Tbps. The new 6,600 km submarine cable system will take a more southern route than other transatlantic cables, which mostly connect northern Europe to the New York/New Jersey region.

Construction is set to begin in August 2016 with completion targeted for October 2017.

“In order to better serve our customers and provide the type of reliable and low-latency connectivity they deserve, we are continuing to invest in new and innovative ways to continuously upgrade both the Microsoft Cloud and the global Internet infrastructure,” said Frank Rey, director, global network acquisition, Microsoft Corp. “This marks an important new step in building the next generation infrastructure of the Internet.”

https://blogs.technet.microsoft.com/server-cloud/2016/05/26/microsoft-and-facebook-to-build-subsea-cable-across-atlantic/


  • Microsoft has previously announced investments with Hibernia and Aqua Comms for fiber connectivity from North America to Ireland and on to the United Kingdom.
  • Microsoft is a consortium partner in the New Cross Pacific (NCP) Cable Network.  Other partners include China Mobile, China Telecom, China Unicom, Chunghwa Telecom, and KT. TE SubCom its the cable supplier.

See also