Cybersecurity experts weigh in on Facebook global outage

Acronis is a top-notch data protection and cybersecurity firm serving more than 5.5 million home users and 500,000 companies, including all of the Fortune 1000 companies. Following Monday's six-hour outage of the popular social media platforms Facebook, Instagram and WhatsApp, cyber protection experts from the company offer some insights into what could have caused the interruption. Excerpts:

Candid Wuest, Acronis VP, Cyber Protection Research

“While there’s no confirmation from Facebook Inc on what caused the incident, it’s possible that the issue lies with the BGP or DNS protocols, which happen to be popular targets among cybercriminals.

There are various potential attacks against DNS infrastructure – from DDoS attacks to local DNS rebinding or hijacking a DNS with social engineering against the registrar. Looking at overall attack statistics, they are a lot less popular than common malware and ransomware attacks, but they can be extremely devastating if successful in a sophisticated attack. It’s like pulling the electric cable to your server room – the whole enterprise suddenly goes dark.

Protection against DNS attacks is not trivial, as they come in multiple facets. It requires strong authentication and patching to guard your own services, training against social engineering attacks, as well as classical DDoS mitigations from providers such as Cloudflare. Naturally, configuration issues should be avoided as well. Depending on what service is attacked – for example, a central authentication server shared between multiple brands, as in this case – a single outage can lead to multiple brands going offline.

To be fair, we must note that most commonly such outages are caused by non-malicious actions – we suspect that to be the case here too.”


Topher Tebow, Acronis Cybersecurity analyst

How popular are cyberattacks on DNS servers? How sophisticated does the attacker need to be to execute one?

A denial-of-service attack is the most common type of DNS attack and is easily accomplished by attackers, as it relies on simply overloading a server with requests. Other attacks like DNS hijacking and DNS poisoning, where a domain’s records are replaced or spoofed by an attacker, are more difficult to pull off but can be accomplished by an attacker familiar with potential vulnerabilities in the DNS system.

Have you seen the growth of such attacks since the pandemic hit?

Attackers are always looking at new ways to accomplish their goals. In the last couple of years, we have seen some DNS attacks used as part of a multi-extortion scheme when ransomware victims do not pay the ransom. These attacks have not seen quite the increase that other types of attacks have, but as with other types of attacks, they do seem to be happening more frequently – with DDoS attacks leading the DNS attacks.

In case of a cyberattack, what’s the recommended course of action?

As with any attack, it is important to remain calm, and have a response plan in place ahead of time. For a DNS attack, this plan will include who communicates what, how, and when – as well as having a backup DNS solution planned that can be quickly implemented, if not automatically switched to in the event of an attack on the main DNS servers. Direct communication with the DNS provider will be helpful in most cases.

How do businesses protect from such attacks?

DNS monitoring, CDNs, and redundancy are some of the best ways to protect against DNS attacks. Nothing is a full guarantee that an attack won’t be successful, but with proper monitoring, redundant DNS, and utilization of a CDN, the damage of an attack can be minimized.

For companies like Facebook Inc, housing multiple brands – does an attack on DNS servers mean an outage for all their brands? Or could it be avoided?

For companies that house multiple brands, the effect on subsidiaries will really depend on how the companies are configured. If they are all using the same DNS servers, and the attack is on those servers, then services will go down for all of the associated companies.
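The "DNS monitoring" and "redundant DNS" advice above is easy to state and easy to get wrong in practice, because an outage, a partial failure and a poisoned answer all look like "DNS is broken" unless the monitor tells them apart. The following is an added example, not code from the article or from Acronis: a small consistency check that looks up one name from several independent resolvers and compares the answers with the record set the operator expects. Every resolver label and IP address in it is a constructed placeholder (documentation address ranges), and the lookup results are built by hand so the check runs offline; a real monitor would fill the same fields from a DNS query library.

```python
"""Added example (not part of the article or Acronis's tooling): a minimal
DNS consistency monitor over constructed resolver responses.

It models the "DNS monitoring" and "redundant DNS" advice in the interview:
the same name is looked up from several independent resolvers, and the
answers are compared with the record set the operator expects. Three
conditions are told apart, because they call for different responses:
  - every vantage point fails          -> OUTAGE (all brands dark at once)
  - some vantage points fail           -> DEGRADED (partial reachability)
  - an answer outside the expected set -> POSSIBLE_HIJACK (hijack / poisoning)
All resolver names and IP addresses below are constructed placeholders.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class ResolverResult:
    """One lookup result as a monitor would record it.

    In production the fields would be filled from a query library such as
    dnspython; here they are constructed by hand so the check runs offline.
    """
    resolver: str                       # label of the vantage point
    rcode: str                          # "NOERROR", "SERVFAIL", "TIMEOUT", ...
    answers: FrozenSet[str] = field(default_factory=frozenset)  # A records


def classify(expected: FrozenSet[str],
             results: List[ResolverResult]) -> Dict[str, List[str]]:
    """Sort each resolver into ok / unavailable / unexpected buckets."""
    report: Dict[str, List[str]] = {"ok": [], "unavailable": [], "unexpected": []}
    for r in results:
        if r.rcode != "NOERROR" or not r.answers:
            report["unavailable"].append(r.resolver)   # no usable answer
        elif r.answers <= expected:
            report["ok"].append(r.resolver)            # subset of published set
        else:
            report["unexpected"].append(r.resolver)    # record we never published
    return report


def alert_level(report: Dict[str, List[str]]) -> str:
    """Collapse the report into one alert level, worst condition first."""
    total = sum(len(v) for v in report.values())
    if report["unexpected"]:
        return "POSSIBLE_HIJACK"
    if total and len(report["unavailable"]) == total:
        return "OUTAGE"
    if report["unavailable"]:
        return "DEGRADED"
    return "OK"


def check(expected: FrozenSet[str],
          results: List[ResolverResult]) -> Tuple[str, Dict[str, List[str]]]:
    """Run one monitoring round and return (alert level, per-resolver report)."""
    report = classify(expected, results)
    return alert_level(report), report


# Constructed sample data (RFC 5737 documentation ranges, not real services).
EXPECTED = frozenset({"192.0.2.10", "192.0.2.11"})

GOOD_A = ResolverResult("resolver-a", "NOERROR", frozenset({"192.0.2.10"}))
GOOD_B = ResolverResult("resolver-b", "NOERROR", EXPECTED)
GOOD_C = ResolverResult("resolver-c", "NOERROR", frozenset({"192.0.2.11"}))

SAMPLE_OUTAGE = [
    ResolverResult("resolver-a", "SERVFAIL"),
    ResolverResult("resolver-b", "TIMEOUT"),
    ResolverResult("resolver-c", "SERVFAIL"),
]
SAMPLE_DEGRADED = [GOOD_A, ResolverResult("resolver-b", "TIMEOUT"), GOOD_C]
SAMPLE_HIJACK = [GOOD_A, GOOD_B,
                 ResolverResult("resolver-c", "NOERROR", frozenset({"198.51.100.7"}))]

if __name__ == "__main__":
    for name, sample in [("outage", SAMPLE_OUTAGE),
                         ("degraded", SAMPLE_DEGRADED),
                         ("hijack", SAMPLE_HIJACK)]:
        level, report = check(EXPECTED, sample)
        print(f"{name:9s} -> {level:16s} {report}")
```

The design point is the ordering in `alert_level`: an unexpected answer from even one vantage point outranks an outage, because a poisoned or hijacked record is the case where a failover to a backup DNS solution would not help and where communication with the registrar and DNS provider matters most. Querying from several independent resolvers is what gives the monitor the redundancy the interview recommends; a check that uses only the organisation's own resolver sees nothing when that resolver is the thing that failed.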