Thwarting DDoS Technique that Threatened Large-Scale Cyberattack

Published 3 June 2020

Researchers have developed a technique that could allow a relatively small number of computers to carry out DDoS (distributed denial of service) attacks on a massive scale, overwhelming targets with false requests for information until they are thrown offline. The attack exploits vulnerabilities in the Domain Name System (DNS). The researchers alerted a broad collection of companies responsible for the internet’s infrastructure to their findings before publishing them.

In October 2016, a cyberattack temporarily took down Amazon, Reddit, Spotify and Slack for users along the U.S.’s East Coast. Mirai, a botnet of hacked security cameras and internet routers, aimed a flood of junk traffic at the servers of Dyn, a managed DNS provider whose authoritative servers answer queries for many large websites. The DNS is the global directory (or phonebook) of the web: it translates the names people type into the addresses that computers connect to, so when Dyn’s servers could not respond, the sites that depended on them became unreachable even though the sites themselves were running.

Now researchers at Tel Aviv University and the Interdisciplinary Center (IDC) Herzliya say that a weakness in the DNS could have enabled an attack on a much larger scale.

Their new study, to be presented at the USENIX Security Conference in August 2020, provides new details of a technique that could have allowed a relatively small number of computers to carry out DDoS attacks on a massive scale, overwhelming targets with false requests for information until they are thrown offline. The research group is co-led by Prof. Yehuda Afek of TAU’s Blavatnik School of Computer Science and Prof. Anat Bremler-Barr, vice dean of IDC’s Efi Arazi School of Computer Science, together with TAU doctoral student Lior Shafir.

Tel Aviv University says that as early as February, the researchers alerted a broad collection of companies responsible for the internet’s infrastructure to their findings. The researchers say those firms, including Google, Microsoft, Cloudflare, Amazon, Dyn (now owned by Oracle), Verisign and Quad9, have all updated their software to address the problem, as have several makers of the DNS software those companies use.

Through joint research projects, Afek and Bremler-Barr have already stopped hundreds of thousands of DDoS attacks over the last two decades, starting with the design of the first DDoS scrubbing server at Riverhead Networks, a company they co-founded with Dr. Dan Touitou in 2001.

“The DNS is the essential internet directory,” explains Bremler-Barr. “In fact, without the DNS, the internet cannot function. As part of a study of various aspects of the DNS, we discovered to our surprise a very serious breach that could attack the DNS and disable large portions of the network.”