08:59 PM
George V. Hulme

Register.com Suffered Massive Denial-of-Service Attack

Anyone dependent on domain name registrar and hosting company Register.com, for either hosting their Web site or e-mail, learned first hand the pain of a distributed denial-of-service attack.

I'm not sure what time the attacks began, but I noticed I lost access to my e-mails that depend on Register.com starting Wednesday afternoon.

In fact, e-mail access didn't seem to normalize until Saturday.

I couldn't access my Web site, nor POP e-mail, nor Web mail.

Here's the e-mail Register.com sent to customers, Friday at about 5:00 PM:

Dear George,

Earlier today we communicated to you we were experiencing intermittent service disruptions as a result of a distributed denial of service (DDoS) attack - an intentionally malicious flooding of our systems from various points across the internet.

We want to update you on where things stand.

Services have been restored for most of our customers including hosting and email. However for some of our customers, services are not fully restored. We know this is unacceptable.

We are using all available means to restore services to every one of our customers and halt this criminal attack on our business and our customers' business. We are working round the clock to make that happen.

We are committed to updating you in as timely a manner as possible; please check your inbox or our website for additional updates.

Thank you for your patience.

Larry Kutscher, Chief Executive Officer, Register.com

Problem is: I didn't receive any earlier notice on the availability issues. I had (barely) intermittent access to e-mail, and failed to be able to access Register.com on my several attempts.

As most of you are probably aware, a distributed denial-of-service attack is an attack in which typically a few thousand systems (could be a few hundred, or even tens of thousands) are compromised with "bots." Those bots are instructed to swamp servers with so much bogus traffic that legitimate traffic can't get through.

Mid-afternoon on Saturday, Register.com provided the following update, stating that all of their web services were operational:

Please note we are not discounting the possibility of an escalated DDoS attack. We are taking every possible precaution to protect our infrastructure and our customers. In response we have:

- Deployed counter-measures to mitigate the attack and added capacity across the company's network
- Set up special channels with major ISPs to re-enable customers' services
- Isolated the profile of the attack through forensic data analysis
- Engaged the FBI and The Department of Homeland Security

Bullets three and four seem like a reasonable response to an attack to me. However, there's little excuse for a hosting company and e-mail provider to deploy DDoS countermeasures after a DDoS attack. These countermeasures would have already been at the ready. Ditto for special channels being set up with other ISPs for traffic failover.

Why would Register.com have been targeted for an attack? They're not saying. However, Brian Krebs at the Washington Post is on to one possible idea: that Register.com is/was the target of extortion. It's common for cyber-criminals to target gambling Web sites, for instance, with extortion attacks, though I'm not familiar with it being common among ISPs. Let's hope this isn't the beginning of a trend.

Let's also hope, if this is the case of extortion, that Register.com didn't pay up.

I wrote a cover story on Extortion Attacks a few years ago. It was an interesting story. Still is. And, unfortunately, online extortion is still a problem.

I'm not going to leave what business I currently give to Register.com because of this attack. That would be punishing one of the victims in this mess.

But I am disappointed that the company wasn't better prepared. And I will leave if there is a next time for exactly that reason.
